After visiting a website, a user receives an email thanking them for a purchase which they did not request.
Upon investigation the security administrator sees the following source code in a pop-up window:
<HTML>
<body onload=”document.getElementByID(‘badForm’).submit()”>
<form id=”badForm” action=”shoppingsite.company.com/purchase.php” method=”post” >
<input name=”Perform Purchase” value=”Perform Purchase”/>
</form>
</body>
</HTML>
Which of the following has MOST likely occurred?

A.
SQL injection

B.
Cookie stealing

C.
XSRF

D.
XSS

Explanation:
XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web
application’s trust of a user who is known or is supposed to have been authenticated. This is often
accomplished without the user’s knowledge.