Solving PortSwigger Academy: CSRF where token validation depends on token being present
This lab’s email change functionality is vulnerable to CSRF.
To solve the lab, use your exploit server to host an HTML page that uses a CSRF attack to change the viewer’s email address.
You can log in to your own account using the following credentials:
wiener:peter
Log in with the given credentials and you will see the email change functionality.

First, change the request method from POST to GET and observe how the application responds. This time it returns Method Not Allowed, so the GET-based bypass from the earlier lab does not apply here.

Next, remove the CSRF token parameter entirely from the POST request. The request is still accepted and the email is changed: the server only validates the token when one is present, so an attacker's page simply omits it.
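As an added example (not code from the lab or the original write-up), the following minimal server-side model shows the validation flaw the lab demonstrates beside its fix. The request and session objects are constructed dicts, and the function names are hypothetical; the point is that a state-changing request with no token must be rejected, not skipped.

```python
import hmac
import secrets

# Constructed sample session for the logged-in user; the token is what the
# server embedded in the email-change form.
SESSION = {"user": "wiener", "csrf_token": secrets.token_hex(16)}


def vulnerable_change_email(session, form):
    """Mirrors the lab's flaw: the token is compared only if the client sent one.

    Returns the new email on success, or an error string on rejection.
    """
    token = form.get("csrf")
    # Bug: a request with the parameter missing never reaches the comparison.
    if token is not None and token != session["csrf_token"]:
        return "error: invalid CSRF token"
    return form["email"]


def hardened_change_email(session, form):
    """Fix: the token is mandatory for every state-changing POST, and the
    comparison is constant-time to avoid leaking the token via timing."""
    token = form.get("csrf")
    if not token or not hmac.compare_digest(token, session["csrf_token"]):
        return "error: missing or invalid CSRF token"
    return form["email"]


# Constructed request bodies: what the legitimate form submits, and what a
# cross-site page that does not know the token can submit.
LEGIT_FORM = {"email": "wiener@normal-user.net", "csrf": SESSION["csrf_token"]}
FORGED_FORM = {"email": "attacker@evil-user.net"}  # no csrf parameter at all


def demo():
    """Returns (vulnerable result, hardened result) for the forged request."""
    return (vulnerable_change_email(SESSION, FORGED_FORM),
            hardened_change_email(SESSION, FORGED_FORM))


if __name__ == "__main__":
    vuln, fixed = demo()
    print("vulnerable handler:", vuln)   # the forged email is accepted
    print("hardened handler:  ", fixed)  # rejected: missing token
```

Run it once to see the forged request accepted by the first handler and rejected by the second; the only change between the two is that absence of the token is treated as failure.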


Generate the CSRF PoC from the token-less request and deliver it to the victim using the exploit server.

This solved the lab.
