Twiki funny

I found a funny thing about the Twiki software we use for internal documentation: when you try to edit a page and someone else is editing it, some of the information that is displayed in the error page is passed to that page as URL parameters.  That means we can have some fun:

:D

Advertisements
  1. #1 by Jonathan Branam on August 22, 2008 - 8:46 am

    I love it!

    Did you see the CNN.com T-shirt page? They were selling CNN T-shirts with headlines from CNN stories, but the headline was passed in the URL so people were making the website display shirts with all kinds of great phrases.

    Bunch of stories about this on the net. Of course, they changed it to a hash string now, but it looks like the data is still in the URL:

    Actual T-Shirt:
    http://www.cnn.com/tshirt/index.html?hash=4eed3b36f450bddf511c6c6b5d0cc2e5&session_id=

    Article about URL hack:
    http://www.crunchgear.com/2008/04/21/cnns-hackable-headline-t-shirt-web-app/

    It pays to watch for these things, of course, especially when the website shows your username, e-mail, or password in the URL. Plaxo was sending redirects to websites with e-mails in in the redirect HTTP URL and lost many users for that reason.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s