What type of attack exploits the trust of a website for an authenticated user?

Study for the Security+ Master Deck Test. Prepare with flashcards and multiple-choice questions. Gain confidence and ace your certification exam with ease!

Cross-site request forgery (CSRF) is an attack that takes advantage of the trust that a website has in the user's browser. In a CSRF attack, an attacker tricks a user into unknowingly submitting a request to a web application in which they are currently authenticated. Since the request originates from the user's browser, the web application assumes it is a legitimate action and processes it, potentially causing unauthorized changes.

This type of attack is particularly effective because it exploits the authenticated state of the user. For example, if a user is logged into their banking website, a CSRF attack could send a request to transfer funds without the user's consent, relying on the fact that the bank's server trusts that user's session.

In contrast, other types of attacks mentioned do not specifically exploit the trust in the authenticated user in the same manner. SQL injection attacks involve injecting malicious SQL queries into an application to manipulate or access databases. Cross-site scripting (XSS) focuses on injecting malicious scripts into web pages viewed by other users, allowing an attacker to capture data from those users. Session hijacking involves taking over a user's active session but does not necessarily exploit the trust of a website in the way CSRF does.
