In this post, We demonstrated a scenario of exploiting CSRF vulnerability using DVWA vulnerable web application.
Cross site request forgery better known as CSRF exploits the website trust in the user. In CSRF, attackers forge requests to the website on behalf of the user making it look like it came from the user. Example application is password reset requests or changing password requests.
In CSRF, we would want to make a request to change a user’s password but making it as if the user made the request which is how CSRF works.
In order to exploit this vulnerability, we would need to grab the form code and use it in a page of our choosing.
Say we designed a page for software giveaways and we want visitors to visit the page and request a giveaway. Once they request a giveway, they unknowingly will send a password reset request to the website at which they have an account that happens to be our target.