Forced Browsing Attack
Forced browsing is an XSRF attack in which a user is forced to browse content without his/her knowledge. For example, on this blog you can see several advertisements; all of them are real-time examples of forced browsing, because you can't control their existence while browsing this blog. A site is said to be vulnerable to a forced browsing XSRF attack if it processes a request directly without notifying the user. For example, suppose the website www.victimsite.com is vulnerable to a forced browsing XSRF attack, and you want to buy Bit Defender anti-virus from www.victimsite.com. When you click the add to cart button on the website, it will process your request through a URL which might appear something like this,
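From the defender's side, the difference between a site that "processes a request directly" and one that does not comes down to a server-side check. The following is an added example, not code from the original post or from any real site: the handler names, the session layout and the HMAC-based token scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key (assumption); a real deployment loads a persistent secret.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in its own add-to-cart form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def add_to_cart_vulnerable(method: str, session: dict, params: dict) -> str:
    """Behaviour the post describes: any request carrying the session is processed."""
    session["cart"].append(params["item"])
    return "200 added"


def add_to_cart_hardened(method: str, session: dict, params: dict) -> str:
    """Same action, accepted only if the site's own form could have produced it."""
    if method != "POST":  # state-changing actions never ride on a plain URL
        return "405 method not allowed"
    expected = issue_csrf_token(session["id"]).encode()
    supplied = str(params.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        return "403 missing or invalid CSRF token"
    session["cart"].append(params["item"])
    return "200 added"


def demo() -> dict:
    # Constructed requests: one sent on behalf of another page, one from the real form.
    cross_site = {"item": "antivirus"}  # a third-party page cannot read the token
    s1 = {"id": "sess-1", "cart": []}
    s2 = {"id": "sess-2", "cart": []}
    own_form = {"item": "antivirus", "csrf_token": issue_csrf_token("sess-2")}
    return {
        "vulnerable_cross_site": add_to_cart_vulnerable("GET", s1, cross_site),
        "hardened_cross_site_get": add_to_cart_hardened("GET", s2, cross_site),
        "hardened_cross_site_post": add_to_cart_hardened("POST", s2, cross_site),
        "hardened_own_form": add_to_cart_hardened("POST", s2, own_form),
        "hardened_cart": list(s2["cart"]),
    }


if __name__ == "__main__":
    print(demo())
```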