In web application security, Cross-Site Request Forgery (CSRF) is a type of attack that tricks the victim into running a command on behalf of the attacker by sending the victim an otherwise innocent HTML snippet. CSRF vulnerabilities are common in amateur web applications and routers with web-based administrative portals. A CSRF attack might look like this:
<img src="http://192.168.0.1/admin.aspx?pw=something" onerror="this.src='http://192.168.0.1/static/logo.jpg';" />
<!-- onerror used to evade suspicion -->
There are two ways to prevent CSRF attacks:
Strictly whitelist all outgoing requests, which is not realistically practical.
Harden your web applications against CSRF.
More here: https://resonantcore.net/blog/2015/02/modern-defense-against-csrf-attacks
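One way to do the hardening in the second option, shown as an added example that is not code from this post or from the linked article: refuse state changes over GET (the only method an `<img>` tag can issue) and require a session-bound token on every state-changing request. The names `SERVER_KEY`, `issue_token`, `token_is_valid`, `check_request` and the `csrf_token` form field are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Constructed secret for this sketch; a real application loads a persistent key from configuration.
SERVER_KEY = secrets.token_bytes(32)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
NONCE_HEX_LEN = 32


def _mac(session_id: str, nonce: str) -> str:
    # Fixed-length nonce first, so nonce and session id cannot be re-split ambiguously.
    msg = f"{nonce}|{session_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Return 'nonce.mac', a token that only verifies for this session."""
    nonce = secrets.token_hex(NONCE_HEX_LEN // 2)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep or len(nonce) != NONCE_HEX_LEN:
        return False
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def check_request(method: str, changes_state: bool, session_id: str, form: dict) -> tuple:
    """Decide whether a request may proceed; returns (allowed, reason)."""
    if changes_state and method.upper() in SAFE_METHODS:
        # Blocks the <img src="...admin.aspx?pw=..."> pattern: no state change via GET.
        return False, "state-changing action requested with a safe method"
    if not changes_state:
        return True, "read-only request"
    if not token_is_valid(session_id, form.get("csrf_token", "")):
        return False, "missing or invalid CSRF token"
    return True, "token verified"
```

The token goes into a hidden field of each form the application renders; a page on another origin cannot read it, so a forged request arrives without a valid value.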