Page 113 - Hands-On Bug Hunting for Penetration Testers
CSRF and Insecure Session Authentication Chapter 6
Using our PoC snippet is extremely simple. We just open it as a local file in our browser
and submit the form we've coded:
Here's what our PoC looks like opened in Chrome. There's no CSS making it pretty (our
HTML snippet is as bare bones as it gets), but in the case of a CSRF vulnerability being
exploited in the wild, most of the fields would probably be hidden anyway, with either a
fake form to get the user to make the submission, or a way of automatically submitting the
form on page load. Note that in the nick field, we have Private Mandella, our decoy
data in action.
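From the defender's side, a form submitted from a local file or a hidden cross-site form is exactly what a server-side origin and token check should reject. The following is an added example, not code from the book: the origin `https://app.example.test`, the `csrf_token` field name and the sample requests are all assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the application's own origin (placeholder host).
TRUSTED_ORIGIN = "https://app.example.test"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def new_csrf_token() -> str:
    """Per-session random token, stored server-side and embedded in real forms."""
    return secrets.token_urlsafe(32)


def origin_of(url: str) -> str:
    """Reduce a Referer URL to scheme://host[:port] for comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else ""


def check_request(method, headers, form, session_token):
    """Return (allowed, reason) for one request against the session's token."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    # A page opened from file:// has an opaque origin, sent as "null";
    # when Origin is absent, fall back to the Referer's origin.
    source = headers.get("Origin") or origin_of(headers.get("Referer", ""))
    if source != TRUSTED_ORIGIN:
        return False, f"untrusted source origin: {source or 'missing'}"
    submitted = form.get("csrf_token", "")
    if not session_token or not hmac.compare_digest(
            submitted.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    token = new_csrf_token()
    # Constructed sample requests (not captured traffic).
    samples = {
        "form opened as local file": ("POST", {"Origin": "null"}, {"nick": "decoy"}),
        "hidden form on another site": ("POST", {"Origin": "https://other.example.test"}, {"nick": "decoy"}),
        "same origin, no token": ("POST", {"Origin": TRUSTED_ORIGIN}, {"nick": "decoy"}),
        "legitimate form": ("POST", {"Origin": TRUSTED_ORIGIN}, {"nick": "me", "csrf_token": token}),
    }
    for name, (method, headers, form) in samples.items():
        print(f"{name:30} -> {check_request(method, headers, form, token)}")
```

Only the last sample passes; the first three are rejected before any profile data would be changed.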

