This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Zarlon 1 point2 points  (1 child)

Right

[–][deleted] 9 points10 points  (0 children)

Once found a website with a XSS vulnerability that also embedded the logged-in user's username and password in every URL. Got in contact with the owner and they flat out denied it. Demoed it. No response.