The state does not match. You may be a victim of CSRF. Infect a friend with CSS

Pick a facebook friend to infect with CSS

Search friend:
Click on a friend to infect: