How it works...

CSRF attacks rely on an authenticated user session: the attacker causes the victim's browser to send requests that the application accepts as the victim's own, so actions chosen by the attacker are performed surreptitiously within the application. In this case, the attacker rides on ed's session to re-submit the registration form and create an account for the attacker. If ed had been an admin, this could have allowed the new account's role to be elevated as well.
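The session riding described above, modelled as an added example (not code from the book or from its target application): a registration handler that trusts only the session cookie, beside the same handler hardened with a per-session synchronizer token and an Origin check. The session id, origins and the usernames other than ed are assumed values.

```python
import hmac
import secrets

# Constructed session store: the victim "ed" from the page is logged in and holds a
# per-session CSRF token (synchronizer token pattern). The session id is a placeholder.
SESSIONS = {"sess-ed": {"user": "ed", "csrf_token": secrets.token_hex(16)}}
APP_ORIGIN = "https://app.example"  # assumed origin of the vulnerable application

def register_vulnerable(cookies, form, headers, users):
    """Registration handler as described on the page: the session cookie is the only
    check, so a request ed's browser was tricked into sending is treated as ed's intent."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401
    users[form["username"]] = "user"
    return 200

def register_protected(cookies, form, headers, users):
    """Same handler with two independent defences: the submitted token must match the
    session's token (constant-time compare), and a present Origin header must be ours."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401
    if not hmac.compare_digest(form.get("csrf_token", ""), session["csrf_token"]):
        return 403  # the attacker's page cannot read ed's token, so forged posts fail here
    origin = headers.get("Origin")
    if origin is not None and origin != APP_ORIGIN:
        return 403  # browser-set header; a cross-site form post carries the attacker's origin
    users[form["username"]] = "user"
    return 200

def forged_request():
    """What ed's browser sends when it loads an attacker page that re-submits the form:
    ed's cookie is attached automatically, the token is unknown, Origin is the attacker's."""
    return ({"session": "sess-ed"},
            {"username": "attacker"},
            {"Origin": "https://attacker.example"})

def legitimate_request():
    """A post from the real registration page, which embedded the session's token."""
    return ({"session": "sess-ed"},
            {"username": "newuser", "csrf_token": SESSIONS["sess-ed"]["csrf_token"]},
            {"Origin": APP_ORIGIN})

def run(handler, request):
    """Run one request against a fresh user table; returns (status, sorted usernames)."""
    users = {"ed": "user"}
    status = handler(*request, users)
    return status, sorted(users)
```

Running `run(register_vulnerable, forged_request())` creates the attacker's account with status 200, while `run(register_protected, forged_request())` returns 403 and leaves only ed in the table.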
