Cross-site request forgery, also known as a one-click attack, sidejacking or session riding and abbreviated as CSRF (pronounced "Sea-Surf"[1]) or XSRF, is a type of malicious exploit of websites.

Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.
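To make the distinction concrete, here is an added example (not from the original article) of a state-changing request handler that trusts the browser-attached session cookie alone, beside a hardened version that also requires a same-site Origin header and a per-session synchronizer token. The site origin, the handler names and the in-memory session store are all constructed for this illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
SESSIONS = {}

def new_session(user):
    """Create a session with a fresh, unguessable per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def transfer_unprotected(cookies, form):
    """Vulnerable: authorises the action on the session cookie alone.
    The browser attaches that cookie to a form post from any site, so a
    forged cross-site request from a logged-in victim succeeds."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return "unauthenticated"
    return f"transferred {form['amount']} from {session['user']}"

def transfer_protected(cookies, headers, form, site_origin="https://bank.example"):
    """Hardened: same-site Origin check plus a token bound to the session.
    Another site's page cannot read the token, so it cannot forge a valid request."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return "unauthenticated"
    # Reject requests whose Origin header is absent or names another site.
    if headers.get("Origin") != site_origin:
        return "rejected: bad origin"
    # Token must be present and equal (constant-time compare) to the one issued.
    if not hmac.compare_digest(form.get("csrf_token", ""), session["csrf"]):
        return "rejected: bad csrf token"
    return f"transferred {form['amount']} from {session['user']}"

def demo():
    """Replay a legitimate and a forged cross-site request against both handlers."""
    sid = new_session("alice")
    cookies = {"sid": sid}  # sent by the browser on every request to the site
    legit = {"amount": "10", "csrf_token": SESSIONS[sid]["csrf"]}
    forged = {"amount": "1000"}  # a cross-site page has no way to learn the token
    return {
        "unprotected_forged": transfer_unprotected(cookies, forged),
        "protected_legit": transfer_protected(cookies, {"Origin": "https://bank.example"}, legit),
        "protected_forged": transfer_protected(cookies, {"Origin": "https://attacker.example"}, forged),
        # Token layer alone, in case the Origin header is not available:
        "protected_token_missing": transfer_protected(cookies, {"Origin": "https://bank.example"}, forged),
    }
```

Running `demo()` shows the unprotected handler carrying out the forged transfer while the protected one rejects it at the origin check, or at the token check when only that layer is in play.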

CSRF vulnerabilities have been known and in some cases exploited since the 1990s.

Because it is carried out from the user's IP address, CSRF is untraceable.[2] Exploits are under-reported, at least publicly, and as of 2007[4] there are few well-documented examples.