2 matches found
DVWA Pro-test CSRF vulnerability-vulnerability warning-the black bar safety net
CSRF is cross-site request forgery: after a user logs in to site A, site B, opened in the same client, uses the vulnerability to obtain site A's cookie and other authentication information and forges requests to site A under the user's legitimate identity. This article, in a local environment, carries out the...
Meta: IDOR in Facebook Messages webcam photos
I found that photos people take with their webcam within private message conversations can be accessed without proper authorization via a photo preview mechanism. Even when the sender decides to discard the image after seeing the preview, it can later still be retrieved through this same preview...