XSS - Cross Site Request Forgery (CSRF)

Goal: Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim's browser into sending a request the victim did not intend, for example by loading a page that contains a form or an image whose URL points at a state-changing action. Because the browser attaches the victim's session cookie automatically, the target application treats the forged request as a legitimate one from the logged-in user. In this lesson the forged request is a GET to the lesson's attack servlet with a transferFunds parameter.

1. Enter the image tag below in the Message field. When anyone views the message, their browser fetches the src URL (with their WebGoat session cookie) to render the 1x1 image, which triggers the transfer. The Screen and menu values come from the Parameters shown at the top of the lesson page.

<img src="http://192.168.199.144:8080/WebGoat/attack?Screen=280&menu=900&transferFunds=5000" width="1" height="1" />

2. Turn on Burp Proxy intercept.

3. Click the newly created message "Lucky Draw for $500000".

4. In Burp Suite, append &transferFunds=50000 to the query string of the intercepted request and forward it.

5. The response now shows a successful transfer of 50000.
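To make the mechanism behind steps 1 to 5 concrete, the following is an added example (not WebGoat's code) that models the transferFunds endpoint in memory: a browser renders the attacker's img tag, sends a GET carrying the victim's cookie, and the vulnerable handler acts on it. The same forged request is then replayed against a handler that requires POST plus a per-session synchronizer token. The Bank and Request classes, the JSESSIONID cookie name, the csrf_token field and the starting balance are all assumptions made for the example.

```python
# Added example, not WebGoat's own code: an in-memory model of why the
# transferFunds <img> payload works and what stops it.  Bank, Request,
# the JSESSIONID cookie name and the csrf_token field are assumptions.
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# The payload from the lesson; only the query string matters to the server.
IMG_SRC = "http://192.168.199.144:8080/WebGoat/attack?Screen=280&menu=900&transferFunds=5000"


@dataclass
class Request:
    """What the server sees: method, URL, cookies the browser attached, body params."""
    method: str
    url: str
    cookies: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)


class Bank:
    def __init__(self):
        self.sessions = {}      # JSESSIONID -> username
        self.tokens = {}        # JSESSIONID -> per-session CSRF token
        self.balances = {"victim": 100_000}   # constructed starting balance

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        self.tokens[sid] = secrets.token_hex(16)
        return sid

    def _user(self, req):
        return self.sessions.get(req.cookies.get("JSESSIONID"))

    def vulnerable_transfer(self, req):
        """WebGoat-style endpoint: any authenticated GET with transferFunds= acts."""
        user = self._user(req)
        if user is None:
            return 401, "login required"
        amount = int(parse_qs(urlsplit(req.url).query).get("transferFunds", ["0"])[0])
        self.balances[user] -= amount
        return 200, f"transferred {amount}"

    def hardened_transfer(self, req):
        """Same action, but POST-only and guarded by a synchronizer token."""
        user = self._user(req)
        if user is None:
            return 401, "login required"
        if req.method != "POST":
            return 405, "state change requires POST"
        expected = self.tokens[req.cookies["JSESSIONID"]]
        supplied = req.params.get("csrf_token", "")
        # Constant-time compare; the attacker's page can never read this token.
        if not secrets.compare_digest(supplied, expected):
            return 403, "missing or wrong CSRF token"
        amount = int(req.params.get("transferFunds", "0"))
        self.balances[user] -= amount
        return 200, f"transferred {amount}"


def browser_renders_img(src, cookie_jar):
    """Model of a browser fetching <img src=...>: a GET that carries the cookies
    stored for that host.  The attacker picks the URL but never sees the cookie."""
    host = urlsplit(src).hostname
    return Request("GET", src, cookies=dict(cookie_jar.get(host, {})))


def run_demo():
    bank = Bank()
    sid = bank.login("victim")
    # The victim logged in earlier; the browser keeps the cookie for that host.
    jar = {"192.168.199.144": {"JSESSIONID": sid}}
    action = "http://192.168.199.144:8080/WebGoat/attack"

    forged_get = browser_renders_img(IMG_SRC, jar)
    vuln_status, _ = bank.vulnerable_transfer(forged_get)
    balance_after_vuln = bank.balances["victim"]

    # Replay the same forged GET against the hardened endpoint.
    hard_get_status, _ = bank.hardened_transfer(forged_get)
    # An auto-submitted cross-site form gets past the method check but has no token.
    forged_post = Request("POST", action, cookies={"JSESSIONID": sid},
                          params={"transferFunds": "5000"})
    hard_post_status, _ = bank.hardened_transfer(forged_post)
    balance_after_hard = bank.balances["victim"]

    # A submission from the bank's own form carries the token and succeeds.
    legit = Request("POST", action, cookies={"JSESSIONID": sid},
                    params={"transferFunds": "5000", "csrf_token": bank.tokens[sid]})
    legit_status, _ = bank.hardened_transfer(legit)

    return {
        "vulnerable_status": vuln_status,
        "balance_after_vulnerable": balance_after_vuln,
        "hardened_forged_get_status": hard_get_status,
        "hardened_forged_post_status": hard_post_status,
        "balance_after_hardened": balance_after_hard,
        "hardened_legit_status": legit_status,
        "final_balance": bank.balances["victim"],
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The forged GET drains 5000 from the victim because the only credential the vulnerable handler checks is the cookie, which the browser supplies on the attacker's behalf. Requiring POST alone is not enough (a hidden auto-submitting form sends POST just as easily), which is why the hardened handler also demands a token that only pages served by the application itself contain.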
