A CSRF attack succeeds when an attacker can cause a user's browser to perform an unwanted action on another site, one that trusts that user. For the action to succeed, the user must be authorised to perform it, so a CSRF attack is only as powerful as the user whose browser it abuses: the more access or privilege the user holds on the web application, the more damaging a successful attack will be. CSRF attacks succeed against nearly every site that relies on implicit authentication and does not explicitly protect itself against CSRF.
CSRF Explanation Through Figures
Authentication and CSRF
CSRF attacks most commonly exploit the authentication mechanisms of the targeted sites. The root of the problem is that web authentication normally assures a site that a request came from a certain user's browser, but it does not ensure that the user actually requested or authorised that request.
Explanation with the Help of an Example
Suppose that a victim V visits a trusted site S. When V visits the site, the server gives V's browser a pseudo-random session identifier (SID); the server of S uses this SID to recognise that the user is V. Whenever V's browser makes a request to S, it automatically appends the SID to that request, and S treats the request as coming from V.
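To show why the SID alone is not enough, here is an added illustration (not code from the original page): a toy server for S with an in-memory session store, a request handler that accepts any request carrying V's SID cookie, and a hardened variant that also demands a per-session anti-CSRF token which only a page served by S can place in the form. The store, the request format and the function names are assumptions made for the example.

```python
import hmac
import secrets

# Constructed in-memory session store for S: SID -> session record.
# The browser returns the SID cookie on every request to S regardless of
# which page caused the request, which is the implicit authentication above.
SESSIONS = {}


def login(user):
    """Issue a fresh pseudo-random SID for `user` and bind an anti-CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(16)}
    return sid


def csrf_token_for(sid):
    """Token S embeds in its own forms; a page on another origin cannot read it."""
    return SESSIONS[sid]["csrf"]


def handle_transfer_implicit(request):
    """Vulnerable handler: the SID cookie proves the request came from V's
    browser, not that V intended it. Returns an HTTP-style status code."""
    sess = SESSIONS.get(request["cookies"].get("SID"))
    if sess is None:
        return 401
    # State-changing action for sess["user"] would be performed here.
    return 200


def handle_transfer_hardened(request):
    """Hardened handler: additionally requires the per-session token in the
    form body, which a cross-site request cannot supply."""
    sess = SESSIONS.get(request["cookies"].get("SID"))
    if sess is None:
        return 401
    token = str(request["form"].get("csrf_token", ""))
    # Constant-time comparison so the check does not leak the token by timing.
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403
    return 200
```

A request dictionary stands in for what reaches S: `cookies` are attached by the browser, while `form` holds whatever the page that built the form chose to send.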
CSRF and SSL
Alternatively, V may authenticate with a client-side SSL certificate, but this leads to the same problem, because the browser will helpfully use the certificate to carry out any request to S. Similarly, if V is authenticated by IP address, a CSRF attack remains possible.