By explicitly specifying a user ID in the query string, any user can view any other user's profile page. This also allows a user to indirectly determine the total number of if-me users.
Steps to reproduce:
Log in as any user and make a GET request of the form http://www.if-me.org/profile?userid=N, where N is any integer. If a user with ID N exists, their profile page will be returned. Otherwise, HTTP 404 is returned.
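The access-control gap described in this report, shown beside a corrected check, as an added Ruby example that is not part of the original issue and is not if-me's code. The user records, the `shared_with` sharing rule and every function name are assumptions made for illustration.

```ruby
# Added illustration with constructed data and hypothetical names.
require "set"

User = Struct.new(:id, :name, :shared_with) # shared_with: ids allowed to view

# Constructed sample users with sequential integer ids, as in the report.
USERS = {
  1 => User.new(1, "alice", Set[2]),
  2 => User.new(2, "bob",   Set[]),
  3 => User.new(3, "carol", Set[]),
}.freeze

NOT_FOUND = [404, "Not Found"].freeze

# Behaviour described in the report: the session identity is never consulted,
# so any logged-in user gets any existing profile, and 200 vs 404 reveals
# which ids exist.
def profile_vulnerable(_current_user_id, params)
  user = USERS[Integer(params["userid"], exception: false)]
  user ? [200, "profile of #{user.name}"] : NOT_FOUND
end

# Assumed policy: a user may view their own profile, or one shared with them.
def may_view?(viewer_id, user)
  viewer_id == user.id || user.shared_with.include?(viewer_id)
end

# Hardened: the lookup is followed by an authorization check bound to the
# session user, and "no such user" and "not allowed" return the same response,
# so the endpoint stops acting as an existence oracle.
def profile_hardened(current_user_id, params)
  requested = params.key?("userid") ? Integer(params["userid"], exception: false) : current_user_id
  user = USERS[requested]
  return NOT_FOUND unless user && may_view?(current_user_id, user)
  [200, "profile of #{user.name}"]
end

# Regression helper: which ids in a range answer 200 for a given viewer.
def visible_ids(handler, viewer_id, range)
  range.select { |n| send(handler, viewer_id, { "userid" => n.to_s }).first == 200 }
end
```

Running `visible_ids` over a range of ids for a low-privilege test account makes a compact regression test: with the authorization check in place the result depends only on what that account is entitled to see, not on how many users exist.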