CSRF
Cross-Site Request Forgery
Cross-Site Request Forgery, also known as XSRF, is a class of attacks on web users that exploits a weakness of the HTTP protocol as browsers use it: the browser attaches a site's cookies (and other ambient credentials) to every request it sends to that site, regardless of which page caused the request. If the victim visits a page created by an attacker, that page can silently send a request from the victim's browser to another server (for example, the server of a payment system), and that request performs a malicious operation on the victim's behalf (for example, a transfer of money to the attacker's account). For the attack to work, the victim must be authenticated to the server the request is sent to, and the request must not require any confirmation from the user that the attacking script cannot skip or forge.
One use of CSRF is to trigger a reflected (non-persistent) XSS vulnerability found on another server: the forged request carries the XSS payload, so the victim's browser executes it in the context of that site. CSRF can also be used to send e-mail (spam) on the victim's behalf and to change the victim's account settings on other sites (for example, the security question used for password recovery).
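The mechanics described above, as an added example that is not part of this glossary entry: a minimal model of a money-transfer endpoint. The vulnerable handler trusts the session cookie alone, so a form auto-submitted by the attacker's page (the browser attaches the cookie automatically) succeeds. The hardened handler additionally requires a per-session synchronizer token that a cross-site page cannot read, and checks the Origin header that browsers send on cross-site POSTs. The site names, session store, request shape and helper names are assumptions made for the example.

```python
import hmac
import secrets

# Constructed in-memory session store: cookie value -> session data.
# Assumption for the example; a real application would use its framework's session layer.
SESSIONS = {
    "sess-abc123": {"user": "alice", "csrf_token": secrets.token_urlsafe(32)},
}

SITE_ORIGIN = "https://bank.example"  # hypothetical target site


def session_for(request):
    """Look up the session referenced by the request's session cookie (None if absent/invalid)."""
    cookie = request.get("cookies", {}).get("session")
    return SESSIONS.get(cookie)


def transfer_vulnerable(request):
    """Relies on the session cookie alone: whatever the browser sends with the cookie is trusted."""
    sess = session_for(request)
    if sess is None:
        return (401, "not logged in")
    form = request["form"]
    return (200, f"{sess['user']} sent {form['amount']} to {form['to']}")


def transfer_hardened(request):
    """Same operation, but the request must prove it was issued by one of our own pages."""
    sess = session_for(request)
    if sess is None:
        return (401, "not logged in")
    # Check 1: browsers set Origin on cross-site POSTs; anything but our own origin is rejected.
    # A missing Origin is treated as a failure here (a real app may fall back to Referer).
    origin = request.get("headers", {}).get("Origin")
    if origin != SITE_ORIGIN:
        return (403, "cross-site origin rejected")
    # Check 2: synchronizer token. It is a per-session secret embedded only in our own forms;
    # the same-origin policy stops a cross-site page from reading it, so it cannot be forged.
    # Constant-time comparison avoids leaking the token through timing differences.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf_token"]):
        return (403, "missing or invalid CSRF token")
    form = request["form"]
    return (200, f"{sess['user']} sent {form['amount']} to {form['to']}")


def forged_request():
    """What bank.example receives when alice visits evil.example, whose page auto-submits a form."""
    return {
        "cookies": {"session": "sess-abc123"},          # attached by the browser automatically
        "headers": {"Origin": "https://evil.example"},  # browser reports the page that sent it
        "form": {"to": "attacker", "amount": "1000"},   # no csrf_token: evil.example cannot read it
    }


def legitimate_request():
    """A transfer submitted from bank.example's own form, which embeds the session's token."""
    return {
        "cookies": {"session": "sess-abc123"},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {
            "to": "bob",
            "amount": "50",
            "csrf_token": SESSIONS["sess-abc123"]["csrf_token"],
        },
    }


if __name__ == "__main__":
    print("vulnerable, forged:   ", transfer_vulnerable(forged_request()))
    print("hardened, forged:     ", transfer_hardened(forged_request()))
    print("hardened, legitimate: ", transfer_hardened(legitimate_request()))
```

The token check is what actually stops the attack; the Origin check is a cheap second layer. Marking the session cookie `SameSite=Lax` or `Strict` is a further defense that keeps the browser from attaching the cookie to cross-site POSTs in the first place, but it depends on browser support and should complement, not replace, the token.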