Cross-Site Request Forgery Vulnerability Demo
CSRF is an attack that forces authenticated users to execute unwanted actions on a web application in which they're currently authenticated. The attacker tricks the user's browser into making requests to a site without their knowledge.
Try to identify what happens when you interact with the form below.
Click the "Click here to claim your prize!" button.
This simulates a CSRF attack where a malicious website tricks you into performing an action (in this case, transferring money) on another site where you're already authenticated.
The form contains hidden fields that specify the recipient and amount, and lacks a CSRF token that would prevent this attack.
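To make the missing check concrete, here is an added example (not code from the demo page): a transfer handler that, like the demo form, trusts the session cookie alone, placed next to a hardened handler that requires a per-session CSRF token (synchronizer token pattern) and rejects a mismatched Origin header. The session store, the `/transfer` endpoint, `SITE_ORIGIN`, and the sample requests are all constructed for illustration.

```python
"""Added example: CSRF-vulnerable transfer handler beside a hardened one.
All names, the /transfer endpoint and the sample requests are constructed."""
import hmac
import secrets
from typing import Dict, Tuple

SITE_ORIGIN = "https://bank.example"  # assumed origin of the protected site

# Constructed in-memory session store: session cookie value -> session data.
SESSIONS: Dict[str, dict] = {}


def create_session(user: str, balance: int = 1000) -> str:
    """Log a user in: issue a session cookie and a per-session CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {
        "user": user,
        "balance": balance,
        "csrf_token": secrets.token_urlsafe(32),
    }
    return sid


def render_transfer_form(sid: str) -> str:
    """The legitimate site's form embeds the session token as a hidden field.
    A page on another origin cannot read this value."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount">'
        '<button>Transfer</button></form>'
    )


def _do_transfer(session: dict, form: dict) -> Tuple[int, str]:
    """Apply the transfer once the request has been accepted."""
    amount = int(form["amount"])
    if amount <= 0 or amount > session["balance"]:
        return 400, "invalid amount"
    session["balance"] -= amount
    return 200, f"transferred {amount} to {form['to']}"


def handle_transfer_vulnerable(cookies: dict, headers: dict, form: dict) -> Tuple[int, str]:
    """Like the demo form's target: relies on the session cookie alone, which
    the browser attaches automatically, so a forged cross-site POST succeeds."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return 401, "not authenticated"
    return _do_transfer(session, form)


def handle_transfer_hardened(cookies: dict, headers: dict, form: dict) -> Tuple[int, str]:
    """Same action, but requires the per-session token in the form body and
    rejects an Origin header that does not match the site."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return 401, "not authenticated"
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison; a missing token fails as well.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "CSRF token missing or invalid"
    return _do_transfer(session, form)


def simulate_forged_post(handler) -> Tuple[int, int]:
    """A logged-in victim's browser submits the demo's hidden-field form from
    another site. The cookie is sent, but the form carries no token and the
    request omits Origin. Returns (status, victim's remaining balance)."""
    sid = create_session("victim")
    forged_form = {"to": "attacker", "amount": "500"}  # constructed
    status, _ = handler({"session": sid}, {}, forged_form)
    return status, SESSIONS[sid]["balance"]


def simulate_legitimate_post() -> Tuple[int, int]:
    """The victim submits the real form from the site itself; token matches."""
    sid = create_session("victim")
    form = {"to": "landlord", "amount": "500", "csrf_token": SESSIONS[sid]["csrf_token"]}
    status, _ = handle_transfer_hardened({"session": sid}, {"Origin": SITE_ORIGIN}, form)
    return status, SESSIONS[sid]["balance"]


if __name__ == "__main__":
    print("vulnerable:", simulate_forged_post(handle_transfer_vulnerable))  # (200, 500)
    print("hardened:  ", simulate_forged_post(handle_transfer_hardened))    # (403, 1000)
    print("legitimate:", simulate_legitimate_post())                        # (200, 500)
```

The token works because the browser sends cookies to the target site regardless of which page triggered the request, but it does not let the other origin read the token embedded in the real form; the forged submission therefore arrives with a valid session and no token. The Origin check is a second, independent layer for browsers that send the header on cross-site POSTs.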
Websites can protect against CSRF by implementing: