A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including victim’s session cookie and other authentication information, to a web application.
For example, suppose you have a site with a form. An attacker could create a bogus form on his site. This form could contain hidden inputs and malicious data. This form is not sent to the attacker’s site, in fact, it comes to your site. Thinking that the form is genuine, your site process it.
Now suppose that the attacker’s form point towards the deletion form in your site. If a user is logged in and redirected to the attacker’s site and then perform the search, his account will be deleted without knowing him. That is the CSRF attack.