Introducing CSRF
Consider a banking web application that transfers money to another user based on that user's username. The following URL is generated for such a transfer:
https://bank.example.com/transfer/money?username=John&amount=500
So, assuming that the user is logged in and the preceding URL is received by the server of the banking application, it will generously transfer 500 dollars to the username John. Now this is perfectly okay until someone with evil intentions creates a web page with the following content and hosts it somewhere:
<html>
  <head> </head>
  <body>
    <img src="https://bank.example.com/transfer/money?username=Attacker&amount=2500"/>
  </body>
</html>
If a logged-in user of the banking application views the above page, the browser will try to load the image, whose source is actually a URL that transfers 2500 dollars to the attacker. In an attempt to load the image, a GET request will be sent to the server of the banking...
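The request described above, modelled from the server's side as an added example (not code from the original page): a handler that trusts the session cookie alone, next to one that refuses state changes on GET and requires a per-session CSRF token. The request dictionaries, function names, session id and balances are constructed for illustration, and the model assumes the session cookie is sent on cross-site requests (no SameSite restriction).

```python
import hmac
import secrets

# Constructed server-side state; all names here are hypothetical.
SESSIONS = {"sess-abc": {"user": "Alice", "csrf_token": secrets.token_urlsafe(32)}}

def new_balances():
    return {"Alice": 5000, "Attacker": 0}

def _move(balances, sender, recipient, amount):
    balances[sender] -= amount
    balances[recipient] = balances.get(recipient, 0) + amount
    return 200

def transfer_vulnerable(request, balances):
    """Acts on any request that carries a valid session cookie, GET included."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    p = request["params"]
    return _move(balances, session["user"], p["username"], int(p["amount"]))

def transfer_hardened(request, balances):
    """State change only on POST, and only with the session's CSRF token."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    if request["method"] != "POST":
        return 405  # a GET must never move money
    sent = request["params"].get("csrf_token", "")
    if not hmac.compare_digest(sent, session["csrf_token"]):
        return 403  # a page on another site cannot read the token
    p = request["params"]
    return _move(balances, session["user"], p["username"], int(p["amount"]))

# What the browser sends when it loads the <img> on the third-party page:
# the victim's cookie is attached by the browser, and there is no token.
FORGED = {"method": "GET", "cookies": {"session": "sess-abc"},
          "params": {"username": "Attacker", "amount": "2500"}}

# What the bank's own transfer form sends.
LEGIT = {"method": "POST", "cookies": {"session": "sess-abc"},
         "params": {"username": "John", "amount": "500",
                    "csrf_token": SESSIONS["sess-abc"]["csrf_token"]}}
```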