Yes, this is a Cross-Site Request Forgery Redirector. If you are a fan of PHP, I am quite certain that you have heard of Chris Shiflett. He presented a CSRF Redirector. The idea is to re-route a GET request made in one place into a POST request to another place, which is the target site. As Chris has turned off this service, I thought I had to rebuild it myself, for educational purposes, I insist.
To recap: Alice had logged in to http://example.com and had an active session. Eve sent a short but malicious link to Alice. That link rendered an HTML page containing a wicked iframe:
<iframe src="http://[target_site]/csrf_redirect.php?
pid=7|product=iPad2|price=899" style="display:none"></iframe>
The purpose of the malicious short link was to make a purchase silently. You can read more details about CSRF from Chris Shiflett in "CSRF attack".
I could not show the source code here because WordPress trimmed all of my HTML tags, but you can get it from:
I hope this might help you realise how dangerous CSRF is. Enjoy!!
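Because the redirector turns a GET into a POST, accepting purchases only over POST does not stop the request described above. The following added example (not code from this post or from Chris Shiflett) sketches the server-side checks that do reject it; the function names, the shop.example origin and the demo requests are assumptions made for illustration.

```php
<?php
// Added example: server-side checks that reject the forged purchase POST.
// All names (issue_csrf_token, is_request_allowed, shop.example) are hypothetical.

const TRUSTED_ORIGIN = 'https://shop.example'; // assumed origin of the target site

// Create one unpredictable token per session; embed it in every purchase form.
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Allow a state-changing request only if it is a POST, does not come from a
// foreign origin, and carries the token stored in the caller's session.
function is_request_allowed(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // purchases never happen on GET
    }
    // A form auto-submitted from another site carries that site's Origin.
    $origin = $server['HTTP_ORIGIN'] ?? '';
    if ($origin !== '' && $origin !== TRUSTED_ORIGIN) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // hash_equals compares in constant time; a missing token always fails.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed demo data: Alice's session, then three POSTs for the same purchase.
$session = [];
$token   = issue_csrf_token($session);
$fields  = ['pid' => '7', 'product' => 'iPad2', 'price' => '899'];

$legit = is_request_allowed(
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => TRUSTED_ORIGIN],
    $fields + ['csrf_token' => $token], $session);
$forged = is_request_allowed(
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://redirector.example'],
    $fields, $session);
// Same forged POST without an Origin header: the token check still rejects it.
$forgedNoOrigin = is_request_allowed(['REQUEST_METHOD' => 'POST'], $fields, $session);

var_dump($legit, $forged, $forgedNoOrigin);
```

Setting the session cookie's SameSite attribute to Lax or Strict adds a browser-side layer, since the cookie is then withheld from the cross-site POST made inside the hidden iframe.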