Loading Profile...
Exploit lets me post via someone's account without AUTH
I just discovered a pretty big security hole with your website. It allows me to post an update via someones account without needing to login.
I have sent an email via the contact form, but as a failsafe I will post here too. I don't want to post any details as others may exploit this bug if they see this posting. Feel free to email me for more details: bmn [ at ] bmn dot name, or just follow up the email I sent via the contact form as I have put all the details in there.
Cheers,
Ben
I have sent an email via the contact form, but as a failsafe I will post here too. I don't want to post any details as others may exploit this bug if they see this posting. Feel free to email me for more details: bmn [ at ] bmn dot name, or just follow up the email I sent via the contact form as I have put all the details in there.
Cheers,
Ben
I’m concerned
1
person has this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
Create a customer community for your own organization
Plans starting at $19/month
