Overview
Money Transfer (CSRF) focuses on a transaction flow where a browser session can be used to submit an unintended state-changing request.
This lab applies Cross-Site Request Forgery to a financial-style action where the application must verify both the user session and the intent behind the request.
Security Impact
CSRF in money transfer workflows can cause unauthorized transactions, balance changes, fraud risk, and loss of trust in account activity.
Vulnerability Scope
Transfer forms, payment actions, billing settings, admin operations, and cookie-authenticated APIs are exposed when their state-changing requests are accepted without anti-CSRF protection.
Lab Focus
The lab focuses on CSRF-prone transaction requests, request intent protections, and why anti-CSRF controls matter most in financial and account-impacting workflows.
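The following is an added example, not code from the lab itself, showing one way a transfer handler can check request intent on top of the session: a session-bound HMAC token plus an Origin check. The names authorize_transfer and csrf_token, the origin https://bank.example, and the sample session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values for this sketch; a real deployment loads the secret from configuration.
SERVER_SECRET = secrets.token_bytes(32)
TRUSTED_ORIGIN = "https://bank.example"


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the transfer form: random nonce plus a MAC bound to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def csrf_token_valid(session_id: str, token: str) -> bool:
    nonce, sep, mac = (token or "").partition(".")
    if not sep or not nonce or not mac:
        return False
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(_mac(session_id, nonce).encode(), mac.encode())


def authorize_transfer(session_id, headers, form):
    """Decide whether a state-changing transfer request is allowed: (allowed, reason)."""
    if not session_id:
        return False, "no session"
    # A session cookie alone proves who the browser is, not that the user meant this request.
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False, "cross-origin request"
    if not csrf_token_valid(session_id, form.get("csrf_token", "")):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    token = issue_csrf_token("sess-A")  # constructed session id
    print(authorize_transfer("sess-A", {"Origin": TRUSTED_ORIGIN}, {"csrf_token": token}))
    print(authorize_transfer("sess-A", {"Origin": "https://other.example"}, {"amount": "10"}))
```

A request that carries only the session cookie is rejected, and a token issued for one session does not validate for another.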
