CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this: you, as the victim, are logged in to some web site, like your router configuration page, and have a valid session token. An attacker gets you to click on a link that sends commands to that web site on your behalf, without your knowledge.
These vulnerabilities can be especially handy to attackers when trying to exploit something on the the victim's LAN.
more here.....https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploiting-csrf-without-javascript
These vulnerabilities can be especially handy to attackers when trying to exploit something on the the victim's LAN.
more here.....https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploiting-csrf-without-javascript