🎁 Amazing Deals Website
Get incredible discounts and free offers!
⚠️ Attack in Progress: This page is performing a CSRF attack!
If you're logged into the banking site, money might be transferred without your knowledge.
If you're logged into the banking site, money might be transferred without your knowledge.
🔥 Limited Time Offers!
Free iPhone 15!
Click here to claim your free iPhone 15 Pro Max!
$1000 Amazon Gift Card
Enter to win a $1000 Amazon gift card!
🎯 CSRF Attack Information
Attack Type: GET-based CSRF using Image Tags
Target: Banking application transfer endpoint
Method: Hidden image tags with malicious URLs
Amount: $100 transfer to attacker account
🚨 Hidden CSRF Attack Elements
These invisible elements are performing the actual attack:
<!-- Hidden CSRF attack using image tags -->
<img src="http://bank.com/transfer?to=attacker&amount=100" style="display:none;">
<!-- The victim's browser automatically sends authentication cookies -->
<!-- Bank server processes the request thinking it's legitimate -->
📚 How This Attack Works:
- User visits this malicious page (thinking it's innocent)
- Hidden image tags try to load URLs from the banking site
- Browser automatically sends authentication cookies with requests
- Banking server processes the request as legitimate
- Money gets transferred without user knowledge!
🛡️ Why This Attack Succeeds:
- ❌ No CSRF tokens to verify request origin
- ❌ GET requests modify data (should use POST)
- ❌ Cookies sent automatically with cross-origin requests
- ❌ No origin validation on server side
This page demonstrates how innocent-looking websites can perform malicious actions
Check your banking application to see if the attack succeeded!