Cross Site Request Forgery (CSRF)
A CSRF (or XSRF) attack happens when a malicious website tricks a logged-in user’s browser into sending an unwanted request to another application. CSRF requires both an intermediate website and a victim website.
This is also called an SSRF: server-side request forgery.
See also CSRF vs XSS: What are their similarity and differences and Cross Site Request Forgery (CSRF).
Related: Cross Site Scripting (XSS), Nonce, hash_equals(), Static Application Security Testing (SAST), Session Hijacking, Vulnerability
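
The related entries Nonce and hash_equals() correspond to the usual defence: the victim application stores an unguessable token in the user's session, embeds it in its own forms, and rejects any state-changing request that does not return it. The following PHP 8 sketch is an added example, not part of the original entry; the function names `csrf_token()` and `csrf_check()` and the session key `csrf_token` are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the 'csrf_token' session key is an assumption.

/** Return the per-session token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        // 32 bytes from the CSPRNG: the intermediate website cannot guess it,
        // and the same-origin policy stops it from reading the victim's form.
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** True only when the submitted token matches the one stored in the session. */
function csrf_check(array $session, mixed $submitted): bool
{
    $expected = $session['csrf_token'] ?? '';
    // Reject requests with no issued token, no submitted token,
    // or a non-string value (for example a token[]=x array parameter).
    if ($expected === '' || !is_string($submitted)) {
        return false;
    }
    // hash_equals() compares in constant time, so response timing
    // does not leak how many leading characters of a guess were right.
    return hash_equals($expected, $submitted);
}

// Constructed demonstration. In an application, pass $_SESSION and
// $_POST['csrf_token'] instead of these local values.
$session = [];
$token = csrf_token($session);

var_dump(csrf_check($session, $token));               // form rendered by the application itself
var_dump(csrf_check($session, null));                 // cross-site request without a token
var_dump(csrf_check($session, str_repeat('0', 64)));  // cross-site request with a guessed token
var_dump(csrf_check([], ''));                         // no token was ever issued for this session
```

Run the check before any handler that changes state, and emit the token in a hidden form field of every form the application renders.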