limdauto · August 18, 2013 12:25
diff --git a/csrf.html b/csrf.html
 <!-- 
 Source: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

 Alice is current authenticated in her bank website at bank.com. Maria, an attacker, can trick Alice 
 into sending her money through forging a request with Maria as the recipient of Alice's money and tricking Alice into
 issuing the request against bank.com. This trick works because Alice is currently authenticated on bank.com and authorized
 to send her money. 

 -->
 <a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>
	<!--
	Source: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

	Alice is current authenticated in her bank website at bank.com. Maria, an attacker, can trick Alice
	into sending her money through forging a request with Maria as the recipient of Alice's money and tricking Alice into
	issuing the request against bank.com. This trick works because Alice is currently authenticated on bank.com and authorized
	to send her money.

	-->
	<a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>