Avatar CSRF Demo

This page shows a demonstration of a Cross-Site Request Forgery (CSRF) attack that attempts to edit a user's avatar on Tomodachi Share.

This can be used by bad actors to trick users into performing unwanted actions on their accounts, such as changing or resetting their avatar without their knowledge.

Example: A user is logged into Tomodachi Share in one browser tab, and visits a site with this CSRF attack in another tab. If they interact with that site, it could trigger an avatar edit request using their active session.

For demonstration purposes, this form will send a POST request to the avatar edit endpoint. If no image is selected, the endpoint code resets the avatar to the guest image.

The request is only sent after you click the button and confirm the warning.
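
One server-side check that rejects the cross-site POST described above, as an added example that is not part of the original page or Tomodachi Share's own code. The function name `checkRequestOrigin`, the origin `https://share.example`, and the sample headers are assumptions constructed for illustration.

```javascript
// Added example, not Tomodachi Share's code. SITE_ORIGIN is a placeholder.
const SITE_ORIGIN = "https://share.example";
const SAFE_METHODS = ["GET", "HEAD", "OPTIONS"];

// Decide whether a request may reach a state-changing handler such as an
// avatar edit. Run it before the body is parsed: a POST with no image is
// still state-changing, because the handler resets the avatar in that case.
function checkRequestOrigin(method, headers, siteOrigin = SITE_ORIGIN) {
  if (SAFE_METHODS.includes(method.toUpperCase())) {
    return { allowed: true, reason: "safe method" };
  }
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = value;
  }
  // Browsers set Sec-Fetch-Site themselves; page script cannot override it.
  const fetchSite = h["sec-fetch-site"];
  if (fetchSite !== undefined) {
    // "same-site" is rejected too: a sibling subdomain is a different origin.
    const ok = fetchSite === "same-origin";
    return { allowed: ok, reason: `sec-fetch-site=${fetchSite}` };
  }
  // Fallback for clients that do not send Sec-Fetch-Site: compare Origin.
  const origin = h["origin"];
  if (origin === undefined) {
    return { allowed: false, reason: "no origin information" };
  }
  let parsed;
  try {
    parsed = new URL(origin).origin; // throws on "null" or garbage
  } catch {
    return { allowed: false, reason: "malformed origin" };
  }
  const ok = parsed === siteOrigin;
  return { allowed: ok, reason: ok ? "origin matches" : `origin=${parsed}` };
}

// Constructed sample requests (not captured traffic).
const crossSiteForm = { Origin: "https://other.example", "Sec-Fetch-Site": "cross-site", Cookie: "session=constructed" };
const ownPage = { Origin: SITE_ORIGIN, "Sec-Fetch-Site": "same-origin", Cookie: "session=constructed" };
console.log(checkRequestOrigin("POST", crossSiteForm));
console.log(checkRequestOrigin("POST", ownPage));
```

The session cookie is present in both sample requests, which is why the decision rests on the browser-set headers and not on the session alone.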
