Full Disclosure mailing list archives
Re: HAPPY BIRTHDAY: Yahoo & AmericanGreetings.com
From: rp <lists () domain-logic com>
Date: Mon, 22 Nov 2004 16:17:43 -0500
At 02:02 PM 11/22/2004, you wrote:
<snip>this is not really the case if you know where to look. Also quite clearly, the $$$ signs blinded those creating the operation because with 30 seconds of time [and that would be Rolex time !], 10-14 variables and once constant can be changed to allow access, editing and sending of any one of the 8000 premium cards. Like it says on the site: "Get access to every eCard - choose from over 8000!" You better believe it !
Yes, ridiculous.Instead of adjusting the hidden elements of the form and posting (which works too)
you can simply adjust the 1 variable in the url for the same effect. It really does take the joy out of throttling a Turkey. Anyone want to send that webmaster a sound bite of Donald Trump's 1 liner? rp _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: HAPPY BIRTHDAY: Yahoo & AmericanGreetings.com rp (Nov 22)
- Re: HAPPY BIRTHDAY: Yahoo & AmericanGreetings.com Ill will (Nov 22)