For most web platforms there’s a way to abuse the login mechanism to detect whether a user is logged in to that service. Although this vulnerability is well known for several years most companies won’t fix it. The exploit is pretty simple and actually easy to fix. Let’s look at facebook.

Read More

Advertisements