← All Labs
CSRF — Money Transfer (No Anti-CSRF Token)
QuickBank's transfer form has no CSRF protection. An attacker site can auto-submit a transfer using the victim's logged-in session. Trigger an unauthorised transfer via the attacker page.
QuickBank's transfer form has no CSRF protection. An attacker site can auto-submit a transfer using the victim's logged-in session. Trigger an unauthorised transfer via the attacker page.