Hello Friends,
I'm Rem01x and I'm currently preparing for the eWPTX exam, so I will be walking through all the PortSwigger labs and will make sure to make writeups for all of them.
Let's start now.
Assume that we have this website.

Notice the "My account" option at the top right.
Let’s navigate to it and see what we could do there.

As we can see, this is a login page, so let's provide our credentials to log in.

Now we will try to update our email to [email protected].
Now let’s intercept the request.

As observed, the email address is updated based on the email parameter, and the request carries two anti-CSRF tokens.
We have a CSRF token and a CSRFKey token.
We examined the CSRF token and the CSRFKey in several ways, such as changing the request method and sending a null CSRF token, but those techniques do not seem to work.
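For the defender's side of the two checks above, here is an added example (not code from the lab or from the original writeup) of a server-side validator that rejects both a changed request method and a missing token. The function names, the HMAC scheme relating the CSRF token to the CSRFKey, and the binding to a session ID are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-process secret; a real deployment would load it from config.
SERVER_SECRET = secrets.token_bytes(32)


def _expected_token(session_id: str, csrf_key: str) -> str:
    # Assumed scheme: csrf = HMAC(secret, session_id NUL csrfKey).
    msg = session_id.encode() + b"\x00" + csrf_key.encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_tokens(session_id: str) -> tuple[str, str]:
    """Return a (csrfKey, csrf) pair that is valid only for this session."""
    csrf_key = secrets.token_urlsafe(24)
    return csrf_key, _expected_token(session_id, csrf_key)


def check_email_change(method, session_id, csrf_key, csrf) -> tuple[bool, str]:
    """Decide whether a change-email request may proceed."""
    # State-changing action: accept POST only, so switching the method
    # cannot route around token validation.
    if method != "POST":
        return False, "method not allowed"
    # An absent or empty token is a failure, never "nothing to validate".
    if not session_id or not csrf_key or not csrf:
        return False, "missing token"
    # Constant-time comparison; the expected value depends on the session,
    # so a pair issued to a different session does not verify here.
    expected = _expected_token(session_id, csrf_key)
    if not hmac.compare_digest(csrf.encode(), expected.encode()):
        return False, "token mismatch"
    return True, "ok"


if __name__ == "__main__":
    key, token = issue_tokens("sess-A")  # constructed session ID
    for case in [("POST", "sess-A", key, token),
                 ("GET", "sess-A", key, token),
                 ("POST", "sess-A", key, ""),
                 ("POST", "sess-B", key, token)]:
        print(case[0], case[1], "->", check_email_change(*case))
```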