What Happens During Cross-site Request Forgery (CSRF) Attacks?
In these types of attacks, the attacker is unable to see the responses to the forged requests. The attacker benefits if they can change the user's credentials or information in a way that allows them to leverage the account. These attacks succeed when three conditions hold: session verification/management is handled through cookies, there is an action the user can perform that the attacker benefits from, and the attacker knows all the parameters needed to complete the request.
A successful CSRF exploit can compromise end-user data and operations when it targets a regular user. If the targeted end user is the administrator account, a CSRF attack can compromise the entire web application, leading to full data disclosure and sometimes full system access.
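The conditions listed above can be seen from the server's side in the following added example, which is not part of the original page. It models a cookie-only handler next to one that also requires a per-session token, so that not every request parameter is knowable to another site. The handler names, the session store and the HMAC-derived token scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # server-side secret, never sent to clients
SESSIONS = {"sess-alice": "alice"}        # constructed session store: cookie -> user
EMAILS = {"alice": "alice@example.com"}   # constructed account data


def csrf_token_for(session_id: str) -> str:
    """Token bound to the session; embedded only in pages the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def change_email_cookie_only(cookies: dict, form: dict) -> int:
    """Weak handler: the session cookie alone authorises the state change."""
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return 401
    EMAILS[user] = form["email"]
    return 200


def change_email_with_token(cookies: dict, form: dict) -> int:
    """Hardened handler: also requires a value a cross-site page cannot know."""
    session_id = cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(supplied, csrf_token_for(session_id).encode()):
        return 403                        # cookie was valid, token missing or wrong
    EMAILS[user] = form["email"]
    return 200


# A cross-site request as the server sees it: the browser attached the user's
# cookie automatically, and every form field was chosen by the other site.
BROWSER_COOKIES = {"session": "sess-alice"}
CROSS_SITE_FORM = {"email": "other@example.net"}
SAME_SITE_FORM = {"email": "alice+new@example.com",
                  "csrf_token": csrf_token_for("sess-alice")}
```

The cookie-only handler accepts the cross-site form because the cookie is its only check; the hardened handler returns 403 for the same request and 200 for the form that carries the session-bound token.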