CSRF - The hidden menace
Cross-Site Request Forgery (also known as XSRF, CSRF, Sea Surf, Session Riding, and Cross Site Reference Forgery) is an attack that tricks the victim into taking some action on a vulnerable application without the victim's knowledge. This can happen when the victim visits a web page that contains a malicious request, which the victim's browser then sends to the application, performing the attacker's chosen action on the victim's behalf.
A CSRF attack can be carried out in different ways. One is to embed an HTML IMG tag or a specially crafted URL in the target application itself. This works reliably, because a victim who encounters it is already logged in to the application. Another is to host a site or blog and persuade the victim to visit it; that site in turn contains the malicious request. This does not always work, because the user may not be logged in to the target system when the exploit is attempted.
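A server-side check covering both delivery routes described above, as an added example that is not part of the original post. The host name, routes and token field names are assumptions, and the requests are constructed samples.

```javascript
// Added example: host, routes and token field names are assumptions.
const APP_ORIGIN = "https://app.example";
const STATE_CHANGING = new Set(["/transfer", "/email/change"]);

// Origin the browser reports for the request (Origin header, else Referer).
function sourceOrigin(headers) {
  const raw = headers.origin || headers.referer;
  if (!raw) return null;
  try { return new URL(raw).origin; } catch { return "invalid"; }
}

// Compare tokens without stopping at the first differing character.
function sameToken(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  if (a.length === 0 || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function checkRequest(req) {
  const path = new URL(req.url, APP_ORIGIN).pathname;
  if (!STATE_CHANGING.has(path)) return "allow";
  // An IMG tag or a followed URL issues GET, and when it is embedded in the
  // application itself the source is same-origin, so only the method stops it.
  if (req.method !== "POST") return "reject: state change requires POST";
  const src = sourceOrigin(req.headers);
  if (src !== null && src !== APP_ORIGIN) return "reject: cross-site source " + src;
  // Per-session token that a page on another site cannot read.
  if (!sameToken(req.formToken, req.sessionToken)) return "reject: bad CSRF token";
  return "allow";
}

// Constructed sample requests; sessionToken is the value stored server-side.
const TOKEN = "constructed-token-1234";
const SAMPLES = {
  imgInsideApp: { method: "GET", url: "/transfer?to=x&amount=100", sessionToken: TOKEN,
    headers: { referer: "https://app.example/forum/post/7" } },
  externalPage: { method: "POST", url: "/transfer", sessionToken: TOKEN,
    headers: { origin: "https://blog.example" } },
  noSourceNoToken: { method: "POST", url: "/transfer", sessionToken: TOKEN, headers: {} },
  legitimateForm: { method: "POST", url: "/transfer", sessionToken: TOKEN, formToken: TOKEN,
    headers: { origin: "https://app.example" } },
};

for (const [name, req] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(16), checkRequest(req));
}
```

The first sample carries a same-origin Referer, so the source check alone would pass it; it is rejected only because state changes are refused over GET.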