TARGET: banking.harborline-cu.com (simulated)
You are conducting a white-box web application penetration test against HarborLine Credit Union. The client has provided test credentials and asked you to evaluate the security of their online banking platform. You are authenticated as test user [email protected].
Identify, demonstrate, and document any CSRF vulnerabilities you find. No hints will be provided — work through it as you would a real engagement.
| Item | Detail |
|---|---|
| Target | banking.harborline-cu.com |
| Test user | [email protected] |
| Account | HL-772041 |
| Balance | $8,320.50 |
| Scope | Authenticated web application features |
| Difficulty | Hard — no guided hints |
A documented finding with: vulnerability type, severity, CVSS v3.1 vector string (not just a score), vulnerable endpoint, proof-of-concept HTML, attack scenario, business impact, and specific remediation. The flag is unlocked by crafting a valid PoC.