Hello friends! Welcome to my twisted CSRF labs! These are the CSRF labs with some of the sweetest cheese, but you will have to work for it.
Here are some ground rules:
- 00.php is supposed to be safe, please report all issues to info@thexssrat.com
- You can always go to the file
- These challenges will get progressively harder
- You can always go back to the listing
CSRF 2
Easy+
Goal: Return the flag by forging a request with any token that has the same length as the real one.
Hints
- The server is not comparing token values, only sizes.
- The token on this page is 64 hex characters long.
- Your forged request does not need the victim token. It only needs a string of matching length.
Why This Works
A token check only helps when the server verifies the submitted value against the session value. Checking length or format alone is meaningless because the attacker can generate their own lookalike token.
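To make the point concrete, here is an added example (not the lab's own PHP code, and not its actual check) written in Python: a length-and-format-only validator of the kind this challenge describes, beside the check a server should actually perform. The function names and the constructed sample tokens are assumptions for illustration; the 64-hex-character token length is the one stated in the hints.

```python
import hmac
import re
import secrets

# 32 random bytes -> 64 hex characters, the token length used by this lab.
TOKEN_HEX_LEN = 64
TOKEN_SHAPE = re.compile(r"^[0-9a-f]{%d}$" % TOKEN_HEX_LEN)


def issue_token() -> str:
    """Mint a fresh session CSRF token (hypothetical helper)."""
    return secrets.token_hex(TOKEN_HEX_LEN // 2)


def weak_csrf_check(session_token: str, submitted: str) -> bool:
    """Flawed check: validates only size and hex shape.

    The stored session token is never consulted for its value, so any
    well-formed 64-hex string is accepted. This mirrors the behaviour the
    challenge text describes.
    """
    return len(submitted) == len(session_token) and bool(TOKEN_SHAPE.match(submitted))


def strict_csrf_check(session_token: str, submitted: str) -> bool:
    """Correct check: compare the submitted value against the session value.

    hmac.compare_digest runs in constant time, so a wrong token cannot be
    refined byte by byte from response timing. Empty values are rejected
    outright so a session without a token can never match an empty field.
    """
    if not session_token or not submitted:
        return False
    return hmac.compare_digest(session_token, submitted)


def compare_checks(session_token: str, submitted: str) -> dict:
    """Run both validators on the same input and report what each decided."""
    return {
        "weak": weak_csrf_check(session_token, submitted),
        "strict": strict_csrf_check(session_token, submitted),
    }


if __name__ == "__main__":
    real = issue_token()
    # Constructed lookalike: right length and hex alphabet, wrong value.
    lookalike = "0" * TOKEN_HEX_LEN
    print("real token   ->", compare_checks(real, real))
    print("lookalike    ->", compare_checks(real, lookalike))
```

Running it shows the weak validator returning True for both the real token and the lookalike, while the strict validator accepts only the real one. The fix is not a longer or more random token; it is comparing the submitted value to the one bound to the session.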