Please visit the project section:
@ScriptName: Cross Site Request Forgery (CSRF) PoC Template
@Purposes: For any Legal/Ethical Educational Security Researches Only (without any WARRANTY). You can create your own CSRF PoCs by using this template. Author does not accept any responsibility or liability for the use or misuse of this code.
When I was searching for a ticket in nationalrail.co.uk website, I suddenly found an XSS and also a SQL Injection vulnerabilities in it.
I reported these two vulns. to its website just for having more security. And, I think these two vulnerabilities are fixed now.
However, I believe that still 70% of webistes are vulnerable against the OWASP TOP 10!
Also, I think you should read “Survey: Majority of Web sites vulnerable” as well.