

Deadsimple.me – Low Noise Single Page Websites - corruptnetwork
http://deadsimple.me

======
sweis
Howdy. I think this is vulnerable to cross-site scripting. For example:
<http://deadsimple.me/foobar/>

~~~
ElbertF
Yup, the cookie isn't limited to your path. What's even worse, when logged in
you can edit any page:

<http://deadsimple.me/foobar/?edit>

~~~
corruptnetwork
Well, you can edit pages which are NOT password protected from the owner.
That's fine.

~~~
sweis
I tried to password-protect the page in question. It may not be working
properly.

~~~
corruptnetwork
Alright, the issue should be solved now. Try it yourself! Thanks.

------
hollerith
How is this different from Jottit?

~~~
corruptnetwork
Jottit is overfeatured.

