What is a requirement for cross-site request forgery to work?
1) The victim must be authenticated with the target site
2) The Attacker must have root privileges on the victim's system
3) The victim must be a member of the IIS_USER group
4) The attacker must steal the victim's cookie