Creating a CSRF PoC Code Snippet

As the basis for building a CSRF PoC snippet, let's go back to a form on the deliberately vulnerable web app webscantest.com, one that is susceptible to both XSS and CSRF:

Now we can fill in the values for our form, entering the information for one William Private Mandella Mandella:

To build our CSRF PoC, it helps to view the form submission as an HTTP request, so we can grab the data encoding type, the HTTP verb, and the form-field information all at once.

In order to view that request, make sure you're viewing ...
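As an added example (not code from the book), the following Python sketch reads a captured form submission and extracts the verb, encoding, and field names mentioned above, then flags whether any token-like field or header is present. The request, host, path, and field names are constructed placeholders, and the token check is a name-based heuristic that cannot see defenses such as SameSite cookies.

```python
from urllib.parse import parse_qsl

# Constructed sample request: host, path and field names are placeholders,
# not values taken from webscantest.com.
RAW_REQUEST = (
    "POST /profile/update HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: session=constructed-value\r\n"
    "\r\n"
    "fname=William&lname=Mandella&rank=Private"
)

# Substrings commonly seen in anti-CSRF field or header names (heuristic only).
TOKEN_HINTS = ("csrf", "xsrf", "token", "nonce", "authenticity")
# Encodings a plain HTML form can send cross-site without a CORS preflight.
FORM_ENCODINGS = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}


def summarize_request(raw: str) -> dict:
    """Extract verb, encoding and form fields; flag a missing CSRF token."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Drop parameters such as "; charset=UTF-8" or "; boundary=...".
    enctype = headers.get("content-type", "").split(";")[0].strip().lower()
    fields = []
    if enctype == "application/x-www-form-urlencoded":
        fields = [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    # Look for a token-like name among body fields and header names.
    names = fields + list(headers)
    has_token = any(hint in n.lower() for n in names for hint in TOKEN_HINTS)
    return {
        "method": method,
        "path": path,
        "enctype": enctype,
        "fields": fields,
        "has_token": has_token,
        # Form-sendable body with nothing unpredictable in it: review the endpoint.
        "needs_review": enctype in FORM_ENCODINGS and not has_token,
    }


if __name__ == "__main__":
    print(summarize_request(RAW_REQUEST))
```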
