CSRF, or Cross-Site Request Forgery, is a technique that allows hackers to carry out unwanted actions on a victim’s behalf. For example, a hacker might be able to change your password or transferring money from your bank account without your permission. Sometimes, faulty CSRF protection mechanisms lead to inconsequential issues like unauthorised setting changes or emptying a user’s cart. Other times, they lead to much bigger issues: user information leak, XSS, and even one-click account takeovers. Today, let’s talk about how you can escalate CSRF issues and a few cases that I have encountered in the wild of CSRFs leading to severe security issues.