How to demonstrate a CSRF attack

Question

I\'m doing an introduction to the web security to some other people in our enterprise, and I want to show some example to have more impact.

For this I\'ve created a

Answer 1

On the "other host" (the attacker) you just create a FORM with method POST whose action (i.e. where the form is submitted) is your vulnerable app. Then you submit it with javascript on that page.

Like this:

This will submit a POST to your vulnerable app from the attacker's host, when you open that page.