Published On Oct 20, 2023
In this video, we take a deep dive into the inner mechanics of Cross-Site Request Forgery (CSRF), CSRF tokens, and how Sergey Bobrov was able to bypass them with a joint Google Analytics and Django web framework exploit. CSRF is the lesser known of the big three web attacks, the other two being SQL injection and cross-site scripting (XSS).
0:00 - Overview
0:48 - Cookies
3:17 - Cross-Site Request Forgery (CSRF)
4:29 - CSRF Tokens
6:42 - Exploit / Vulnerability
Django patch - https://www.djangoproject.com/weblog/...
Original report - https://hackerone.com/reports/26647
Sergey Bobrov - https://hackerone.com/bobrov?type=user
Double Submit Cookie - https://cheatsheetseries.owasp.org/ch...
MUSIC CREDITS:
LEMMiNO - Cipher
CC BY-SA 4.0
LEMMiNO - Nocturnal
CC BY-SA 4.0