
  • Daily Challenge
  • Released 05 Aug 2025

🏦 Can you steal money without touching the keyboard?

🎯 Master Cross-Site Request Forgery (CSRF) attacks and understand session-based vulnerabilities
🛠️ Learn to craft malicious HTML forms and exploit state-changing web application operations
📊 CSRF vulnerabilities affect 73% of financial applications according to recent security assessments
🚀 Enhance your penetration testing skills with realistic banking application security scenarios

  • Flags: 1
  • Points: 1

CSRF Bank Transfer - Challenge Description

Challenge Overview

Welcome to SecureBank's online banking platform! In this challenge, you'll explore Cross-Site Request Forgery (CSRF) vulnerabilities in a financial application. The platform allows authenticated users to transfer money between accounts and manage their banking operations through a web interface.

Learning Objectives

  • Understand Cross-Site Request Forgery (CSRF) attack vectors and exploitation techniques
  • Learn about state-changing operations and web application security mechanisms
  • Practice web application security testing in realistic financial scenarios
  • Develop skills in identifying and exploiting client-side security vulnerabilities

Challenge Details

The challenge presents a realistic online banking system where users can view account balances and transfer money to other accounts. Your goal is to explore the application's security mechanisms and identify potential vulnerabilities that could allow unauthorized actions to be performed on behalf of authenticated users.

Technical Background

Cross-Site Request Forgery vulnerabilities occur when web applications perform state-changing operations based solely on user authentication without proper verification of user intent. This allows attackers to trick authenticated users into unknowingly performing actions on their behalf, such as transferring money, changing account settings, or making purchases.