This tiny Sinatra application serves up a basic page that runs a CSRF attack on rubazzle-exercise.herokuapp.com. Rubazzle-exercise is a clone of Rubazzle, a dummy application for demonstrating common Rails seurity issues, created by Aaron Bedra (@abedra), Justin Collins (@presidentbeef), and Matthew Konda (@mkonda). Source code at https://bitbucket.org/mkonda/rubazzle/, awesome RailsConf 2014 talk at https://www.youtube.com/watch?v=zZtDOX9kXRU.
- Log in to rubazzle-exercise.herokuapp.com.
- Run this application with
ruby main.rb. - Visit localhost:4567 and click the button.
- Visit rubazzle-exercise.herokuapp.com/orders to see the new order that was placed.