Unlock Digital Detective Skills with the 2025 Forensics Challenge – Solve the Cyber Mysteries!

Cross-site request forgery (CSRF) involves an authenticated user unknowingly executing actions on behalf of an attacker without their consent. This occurs when a user, while logged into a web application, is tricked into performing requests that benefit the attacker, such as changing account settings or initiating transactions. The attack leverages the user's active session and trust in the web application, as the requests do not require the attacker to directly compromise the user’s credentials.

In contrast, SQL injection targets the database behind a web application by sending malicious SQL statements to manipulate data. Authentication hijacking focuses on taking over an active session by stealing session tokens, allowing attackers to act as legitimate users without the need for the user's participation. Unvalidated forwarding refers to a flaw whereby users are redirected to untrusted sites without proper validation, posing risks but not necessarily involving the user performing tasks for an attacker. CSRF specifically highlights the scenario of user involvement in an unintended action, making it the correct answer.