Labs / CSRF Bank Transfer
- Daily Challenge
- Released 05 Aug 2025
🏦 Can you steal money without touching the keyboard?
🎯 Master Cross-Site Request Forgery (CSRF) attacks and understand session-based vulnerabilities
🛠️ Learn to craft malicious HTML forms and exploit state-changing web application operations
📊 CSRF vulnerabilities affect 73% of financial applications according to recent security assessments
🚀 Enhance your penetration testing skills with realistic banking application security scenarios
Start Lab Environment
CSRF Bank Transfer - Challenge Description
Challenge Overview
Welcome to SecureBank's online banking platform! In this challenge, you'll explore Cross-Site Request Forgery (CSRF) vulnerabilities in a financial application. The platform allows authenticated users to transfer money between accounts and manage their banking operations through a web interface.
Learning Objectives
- Understand Cross-Site Request Forgery (CSRF) attack vectors and exploitation techniques
- Learn about state-changing operations and web application security mechanisms
- Practice web application security testing in realistic financial scenarios
- Develop skills in identifying and exploiting client-side security vulnerabilities
Challenge Details
The challenge presents a realistic online banking system where users can view account balances and transfer money to other accounts. Your goal is to explore the application's security mechanisms and identify potential vulnerabilities that could allow unauthorized actions to be performed on behalf of authenticated users.
Technical Background
Cross-Site Request Forgery vulnerabilities occur when web applications perform state-changing operations based solely on user authentication without proper verification of user intent. This allows attackers to trick authenticated users into unknowingly performing actions on their behalf, such as transferring money, changing account settings, or making purchases.