Hello Friends,

I’m Rem01x And I’m Currently Preparing For The eWPTX Exam So I Will Be Walking Through All PortSwigger Labs And Make Sure To Make Writeups For All Of Them.

Let’s Start Now.

Assume that we have this website.

Please notice the my account option on the top right.

Let’s navigate to it and see what we could do there.

As we observed this is a login page so let’s provide our credentials to be able to login.

After logging in we can observe that we have an update email functionality.

let’s try to provide any new email of your choice and try to update it and intercept the request.

As Observed the email can be changed by the email parameter and the CSRF Token.

By Doing Multiple Examining on the CSRF Token like Changing Request Method, Null CSRF but those techniques does not seem to work.

So can you try harder with me and think about a solution ?