grrowl 2 days ago

I remember back in the day you could embed <img src="http://someothersite.com/forum/ucp.php?mode=logout"> in your forum signature and screw with everyone's sessions across the web

2
lobsterthief 1 day ago

Haha I remember that. The solution at the time for many forum admins was to simply state that anyone found to be doing that would be permabanned. Which was enough to make it stop completely, at least for the forums that I moderated. Different times indeed.

1 reply
sedatk 1 day ago

Or you could just make the logout route POST-only. Problem solved.

anthk 2 days ago

<img src="C:\con\con"></img>

1 reply
jbverschoor 1 day ago

It's essentially the same, as many apps use HTTP server + html client instead of something native or with another IPC.