Real world reports PoCs

You can read these real world CSRF PoCs to better understand how the bug is exploited in the real world scenarios.

• CSRF Account Takeover famebit by Hassan Khan

• Hacking PayPal Accounts with one click (Patched) by Yasser Ali

• Add tweet to collection CSRF by vijay kumar

• Facebookmarketingdevelopers.com: Proxies, CSRF Quandry and API Fun by phwd

• How i Hacked your Beats account ? Apple Bug Bounty by @aaditya_purani

• Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) by Florian Courtial

• CSRF Account Takeover by Vulnerables

• Uber CSRF Account Takeover by Ron Chan

• Messenger.com CSRF that show you the steps when you check for CSRF by Jack Whitton

Reference: https://whoami.securitybreached.org/2019/06/03/guide-getting-started-in-bug-bounty-hunting/