07-24-2006, 04:55 PM
SplitInfinity
Confirmed User
 
Join Date: Dec 2002
Location: San Diego, CA
Posts: 3,047
Word of information:

https://serveradvance.com/loginorder...assword=t5r5r5

That link you posted is vulnerable to cross-site scripting attacks.
Namely, you should NEVER put the password in a URL.

Try going to that URL, then going to your own site. The referrer URL in your own site's stats pages will show the full URL with password in your stats.
A lot of unknowing webmasters will fall victim to that. Fix it.

Here's the scenario...
Webmaster signs up, logs into their account with a bookmarked URL like that with the password in it... decides to go to another site... voila, the site they visited will have the password and access URL to his account.

Just food for thought.

Not intended as a diss. Just words of advice.
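The leak described in this post, as an added example that is not part of the original post: a scan of web server access logs for passwords carried in query strings, both in the request URL and in the Referer field, reporting each hit with the value redacted. It assumes the Apache/nginx "combined" log format and a hypothetical list of sensitive parameter names; the log lines and host names are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed (hypothetical) list of parameter names that usually carry secrets.
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# "combined" format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def redact(url):
    """Return (url with secret values replaced, names of the secret params found)."""
    parts = urlsplit(url)
    hits, clean = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            hits.append(name)
            value = "REDACTED"
        clean.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(clean))), hits

def scan(lines):
    """Return a list of (field, client_ip, redacted_url, param_names) findings."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        for field in ("target", "referer"):
            url, hits = redact(m.group(field))
            if hits:
                findings.append((field, m.group("ip"), url, hits))
    return findings

# Constructed sample log lines (hosts, users and values are placeholders).
SAMPLE = [
    '203.0.113.7 - - [24/Jul/2006:16:55:00 -0700] "GET /index.html HTTP/1.1" 200 512 '
    '"https://billing.example/login?user=bob&password=hunter2" "Mozilla/4.0"',
    '203.0.113.9 - - [24/Jul/2006:16:56:00 -0700] "GET /login?user=al&pwd=x HTTP/1.1" 200 99 '
    '"-" "Mozilla/4.0"',
    '203.0.113.9 - - [24/Jul/2006:16:57:00 -0700] "GET /about HTTP/1.1" 200 99 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "referer" finding means another site's password reached your logs; a "target" finding means your own login URLs put the password where browsers, proxies and third-party stats pages will record it.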