Cross-site request forgery, also known as a one-click attack, sidejacking or session riding and abbreviated as CSRF (pronounced "sea-surf") or XSRF, is a type of malicious exploit of websites.
Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.
CSRF vulnerabilities have been known and in some cases exploited since the 1990s.
Because the forged request is carried out from the user's own IP address, CSRF is untraceable. Exploits are under-reported, at least publicly, and as of 2007 there are few well-documented examples.
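The trust problem described above, as an added example that is not part of the original article: a handler that acts on the session cookie alone cannot tell a genuine request from a forged one sent by the same browser and IP address. The per-session token check in `handle_checked` is a standard countermeasure the article does not itself describe; all names, addresses and the in-memory session store are constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session cookie -> account and per-session token.
SESSIONS = {}

def login(user):
    """Create a session; return (cookie value, token embedded in the site's own forms)."""
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": token}
    return sid, token

def handle_trusting(request):
    """Acts on any request that carries a valid session cookie."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    return f"200 email for {session['user']} set to {request['form']['email']}"

def handle_checked(request):
    """Also requires the per-session token that only the site's own pages contain."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    sent = request["form"].get("csrf_token", "")
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return "403 missing or wrong CSRF token"
    return f"200 email for {session['user']} set to {request['form']['email']}"

def demo():
    sid, token = login("alice")
    # Both requests come from Alice's browser: same cookie, same IP address.
    genuine = {"ip": "203.0.113.7", "cookies": {"sid": sid},
               "form": {"email": "alice@example.org", "csrf_token": token}}
    # Triggered by a page on another site: the browser attaches the cookie
    # automatically, but that page cannot read the token.
    forged = {"ip": "203.0.113.7", "cookies": {"sid": sid},
              "form": {"email": "someone-else@example.net"}}
    return {
        "trusting": [handle_trusting(genuine), handle_trusting(forged)],
        "checked": [handle_checked(genuine), handle_checked(forged)],
    }

if __name__ == "__main__":
    for name, results in demo().items():
        print(name, results)
```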