

Worst security hole you've ever seen? - hansbo
http://stackoverflow.com/questions/1469899/worst-security-hole-youve-seen/

======
moron4hire
A forum site I used to frequent had a bug that allowed you to discover hidden
email addresses. It was a "bug" that the admins knew about quite well and kept
for their own convenience. You could search for users by email address, with a
wildcard automatically appended to the end of your search, and it would
display all of the users who matched, even if their email address was not
displayed. So, you start with "a", then go to "b" and "c", until you see the
user you care about show up. Then, you go on to "ca", "cb", "cc", "cd", etc.,
until you're finally left with only one user because you have
"that_one_asshole_who_hated_me@my_own_damn_employer.com".

