TOM Online WEB mailbox the presence of multiple CSRF vulnerabilities and fixes-vulnerability warning-the black bar safety net

For contains a picture of the accessory, a request to Annex when the Referer will be exposed to the current sid, for example: GET /mblogpic/be654a34c8f4aad1ec6a/2 0 0 0 HTTP/1.1 Host: t100. qpic. cn Connection: keep-alive Cache-Control: max-age=0 If-Modified-Since: Mon, 0 6 Apr 2 0 1 2 1 4:0 0:0 ...