XSS - Cross Site Request Forgery (CSRF)


Cross-Site Request Forgery (CSRF/XSRF) is an attack that tricks the victim into loading a page that contains a form; the victim's browser then sends the request to the target site with the victim's session attached.

1. Enter the script below in the Message field.

<img src="" width="1" height="1" />

2. Turn on Burp Proxy intercept.

3. Click on the newly created message "Lucky Draw for $500000".

4. In Burp Suite, add &transferFunds=50000 to the intercepted request, then forward the packet.

5. The page now shows that 50000 was transferred successfully.
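
The forged request in the steps above is accepted when the server acts on a state-changing request on the strength of the session cookie alone. A server-side check that refuses it, as an added example that is not part of the original walkthrough or of the lab application; the `/transfer` path, the function names and the session ids are assumptions, and `transferFunds=50000` is the parameter from step 4.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Per-deployment secret (constructed for this example).
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id):
    """CSRF token bound to one session; the site embeds it in forms it renders itself."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle(method, url, session_id, form=None):
    """Return (status, message) for a request to the hypothetical /transfer endpoint.

    session_id stands for the value of the session cookie, which the browser
    attaches to every request to the site, forged or not.
    """
    form = form or {}
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    params.update(form)
    if "transferFunds" not in params:
        return 200, "no transfer requested"
    # An <img> tag can only trigger a GET, so state changes are refused on GET.
    if method != "POST":
        return 405, "transfer must be a POST"
    # A page on another origin cannot read the token, so it cannot supply it.
    supplied = form.get("csrf_token", "")
    expected = issue_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, "transferred " + params["transferFunds"]


if __name__ == "__main__":
    sid = "sess-1"  # constructed session id
    # Request shaped like the one in step 4: GET with the cookie but no token.
    print(handle("GET", "/transfer?transferFunds=50000", sid))
    # Cross-site auto-submitted form: POST with the cookie but no token.
    print(handle("POST", "/transfer", sid, {"transferFunds": "50000"}))
    # Form rendered by the site itself, carrying the session's token.
    print(handle("POST", "/transfer", sid,
                 {"transferFunds": "50000", "csrf_token": issue_token(sid)}))
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer on top of the token check.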
