A topic that came up somewhere

Yesterday the keyword "CSRF" came up somewhere, and it stuck in my head so badly that I had trouble falling asleep. When I googled it, this is what turned up.
Cross-Site Request Forgeries (Re: The Dangers of Allowing Users to Post Images)

The problem isn't the IMG tag on the message board,
it's the backend app you seek to attack via the IMG tag.

And I suspect lots of Web apps are vulnerable. Lots.

I've been to training on highly-regarded, widely-used,
expensive Web app development frameworks,
and none of the classes taught how to avoid the problems I will attempt to describe.

In fact, they all seem to teach the "easy way" of handling what look like user requests, which is, of course, the vulnerable way.

Anyway, let's look at how your post relates to what I call CSRF.

↓ I had no idea a site like this existed orz
XOOPSハッカーズ2 (XOOPS Hackers 2)