What Does Cross-Site Request Forgery (CSRF) Mean?
Cross-site request forgery (CSRF) is a type of website exploit carried out by issuing unauthorized commands on behalf of a trusted user of the website. CSRF exploits a website's trust in a particular user's browser, as opposed to cross-site scripting, which exploits the user's trust in a website. The term is also known as session riding or a one-click attack.
Techopedia Explains Cross-Site Request Forgery (CSRF)
A CSRF attack usually uses the browser's HTTP "GET" request as the exploit point. CSRF attackers use HTML tags such as "IMG" to make the victim's browser send requests to a specific website. A particular user of that website is then used as a host and an unwitting accomplice. Often the website does not know that it is under attack, since a legitimate, logged-in user's browser is sending the requests. The attacker might issue a request to transfer funds to another account, withdraw more funds or, in the case of PayPal and similar sites, send money to another account. A CSRF attack is hard to execute because a number of things have to happen in order for it to succeed:
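The GET-via-IMG mechanism described above, shown from the server's side as an added example (not code from the original page or any real site): a funds-transfer handler that trusts the session cookie alone, beside a hardened version that requires POST, a matching Origin header and a per-session synchronizer token. The site origin, session store and balances are constructed for the demo.

```python
import hmac, secrets

# Constructed demo state (not a real application): cookie -> user, balances, tokens.
SESSIONS = {"sess-alice": "alice"}
BALANCES = {"alice": 100, "mallory": 0}
CSRF_TOKENS = {}
SITE_ORIGIN = "https://bank.example"   # assumed origin of the protected site

def issue_csrf_token(user):
    """Token embedded in the site's own forms; other origins cannot read it."""
    CSRF_TOKENS[user] = secrets.token_hex(16)
    return CSRF_TOKENS[user]
def _move_funds(user, to, amount):
    BALANCES[user] -= amount
    BALANCES[to] = BALANCES.get(to, 0) + amount

def transfer_vulnerable(req):
    """State change on a cookie-authenticated GET: the browser attaches the session
    cookie to an <img src=...> load from any site, so this looks like a real request."""
    user = SESSIONS.get(req["cookies"].get("session"))
    if user is None:
        return 401
    _move_funds(user, req["params"]["to"], int(req["params"]["amount"]))
    return 200

def transfer_hardened(req):
    """Same endpoint with the three standard CSRF checks applied."""
    user = SESSIONS.get(req["cookies"].get("session"))
    if user is None:
        return 401
    if req["method"] != "POST":                      # an <img> tag can only issue GET
        return 405
    if req["headers"].get("Origin") != SITE_ORIGIN:  # cross-site POSTs carry a foreign Origin
        return 403
    token = req["params"].get("csrf", "")            # unguessable, unreadable cross-origin
    if not hmac.compare_digest(token, CSRF_TOKENS.get(user, "")):
        return 403
    _move_funds(user, req["params"]["to"], int(req["params"]["amount"]))
    return 200

def forged_img_request():
    """Constructed: what the browser sends for an attacker page's <img> tag pointing
    at /transfer?to=mallory&amount=50; the cookie rides along, no Origin header."""
    return {"method": "GET", "headers": {}, "cookies": {"session": "sess-alice"},
            "params": {"to": "mallory", "amount": "50"}}
def legitimate_request(token):
    """Constructed: a POST from the site's own form, carrying its token."""
    return {"method": "POST", "headers": {"Origin": SITE_ORIGIN},
            "cookies": {"session": "sess-alice"},
            "params": {"to": "mallory", "amount": "50", "csrf": token}}
```

Against the forged image request the vulnerable handler moves the money and the hardened one refuses at the method check before any funds are touched.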