
  • Daily Challenge
  • Released 05 Aug 2025

CSRF Bank Transfer - Challenge Description

Challenge Overview

Welcome to SecureBank's online banking platform! In this challenge, you'll explore Cross-Site Request Forgery (CSRF) vulnerabilities in a financial application. The platform allows authenticated users to transfer money between accounts and manage their banking operations through a web interface.

Learning Objectives

  • Understand Cross-Site Request Forgery (CSRF) attack vectors and exploitation techniques
  • Learn about state-changing operations and web application security mechanisms
  • Practice web application security testing in realistic financial scenarios
  • Develop skills in identifying and exploiting client-side security vulnerabilities

Challenge Details

The challenge presents a realistic online banking system where users can view account balances and transfer money to other accounts. Your goal is to explore the application's security mechanisms and identify potential vulnerabilities that could allow unauthorized actions to be performed on behalf of authenticated users.

Technical Background

Cross-Site Request Forgery vulnerabilities occur when web applications perform state-changing operations based solely on user authentication without proper verification of user intent. This allows attackers to trick authenticated users into unknowingly performing actions on their behalf, such as transferring money, changing account settings, or making purchases.
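
The difference between acting on authentication alone and also verifying intent, as an added example that is not SecureBank's or the lab's own code. The handler names, request layout, session store, origin and token scheme (an HMAC of the session id) are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed here)
ALLOWED_ORIGIN = "https://bank.example"   # hypothetical origin of the banking site

def issue_csrf_token(session_id):
    """Token tied to one session; embedded in the bank's own transfer form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def transfer_cookie_only(sessions, request):
    """Weak form: a valid session cookie alone authorizes the state change."""
    if sessions.get(request["cookies"].get("session")) is None:
        return 401
    return 200  # the transfer would execute here

def transfer_with_intent_check(sessions, request):
    """Hardened form: also require proof the request came from the bank's page."""
    session_id = request["cookies"].get("session")
    if sessions.get(session_id) is None:
        return 401
    # Browsers set Origin on cross-site POSTs; reject anything but our own site.
    if request["headers"].get("Origin") != ALLOWED_ORIGIN:
        return 403
    # Another site cannot read the token, so it cannot supply the right value.
    supplied = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    return 200  # the transfer would execute here

def sample_requests(session_id):
    """Constructed requests: one from the bank's form, one sent from another site."""
    form = {"to": "ACC-2", "amount": "100"}
    same_site = {"cookies": {"session": session_id},
                 "headers": {"Origin": ALLOWED_ORIGIN},
                 "form": {**form, "csrf_token": issue_csrf_token(session_id)}}
    cross_site = {"cookies": {"session": session_id},  # cookie attached by the browser
                  "headers": {"Origin": "https://other.example"},
                  "form": form}
    return same_site, cross_site

if __name__ == "__main__":
    sessions = {"sess-123": "alice"}  # constructed session store
    for name, req in zip(("same-site", "cross-site"), sample_requests("sess-123")):
        print(name, transfer_cookie_only(sessions, req), transfer_with_intent_check(sessions, req))
```

The cookie-only handler accepts both constructed requests, while the hardened handler accepts only the one that carries the bank's origin and the session-bound token.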