How Google Analytics was used to Breach Virtually any Website

Video Description

In this video, we take a deep dive into the inner mechanics of Cross Site Request Forgery (CSRF), CSRF Tokens, and how Surgey Bobrov was able to bypass them with a joint Google Analytics & Django web framework exploit / vulnerability. CSRF is the lesser known of the big three web attacks, consisting of SQL injection, and cross site scripting (XSS). 0:00 - Overview 0:48 - Cookies 3:17- Cross Site Request Forgery (CSRF) 4:29- CSRF Tokens 6:42- Exploit / Vulnerability WE HAVE A DISCORD NOW! https://discord.gg/WYqqp7DXbm Django patch - https://www.djangoproject.com/weblog/2016/sep/26/security-releases/ Original report - https://hackerone.com/reports/26647 Surgey Bobrov - https://hackerone.com/bobrov?type=user Double Submit Cookie - https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie MUSIC CREDITS: LEMMiNO - Cipher https://youtu.be/b0q5PR1xpA0?si=pUNJUB-ra1ulTJtI CC BY-SA 4.0 LEMMiNO - Nocturnal https://youtu.be/epmoV2HRs9U?si=Rljr2wC0SKYFEruJ CC BY-SA 4.0 #Python #Coding #Programming #Software #SoftwareEngineering #ComputerScience #Code #ProgrammingLanguage #SoftwareDevelopment #Development #Developers #Hacking #Hack #CyberSecurity #Exploit #Tracking #Web #WebDev #SoftwareEngineer #Django #WebFramework #Vulnerability #PenTesting #Privacy #Spyware #Malware #CSRF #CrossSiteRequestForgery #SQLInjection #CrossSiteScripting #XSS #WebVulnerabilities #Cyber #CyberAttack #BugBounties #GoogleExploit #GoogleAnalytics #EthicalHacking