Message from JavaScript discussions

January 2018

— Your browser runs the code to load an image and then makes a request to your app server, browser auto-sends a cookie to your app server, and suddenly now your app server is doing whatever is described in the img tag's query string

Message permanent page

— 

<img src="http://bank.com/transfer.do?acct=MARIA&amount=100000" width="0" height="0" border="0">

example from that page

— That is the whole attack right there, nothing more

— There are a lot more ways to do CSRF but that's the easiest

— It will work if this ?a=1&b=2 is how the site works, it could be form request or js request

— img only works for GET requests, yes

— The other attack methods can use other HTTP verbs

— There are tools that make the neccesary code to do this

— Https://code.google.com/archive/p/pinata-csrf-tool/

— It feels strange that I can't find any working example of this strategy

— With express + passport for example

— There are over 400 with passport I think