Hacked Session XSRF Attack
- Find vulnerable website.
- Find application which performs action without user's knowledge.
- Now create a HTML page that will perform desired action by application without interacting with user to set cookie. Use PHP or Java script to perform desired action.
- When user is logged on, anyhow make him/her load your HTML page. You can select email or link on social network to vector your page.