
Congrats on the find! How did you know to test requesttype=locreq.json? I googled for "locationsmart locreq.json" and your blog post was the only result.



The first request is to "requesttype=statusreq.json", returning a JSON object, and the second to "requesttype=locreq" returning XML. On a whim I decided to try and get JSON location data out (I like JSON better anyway), and found that the two formats did not exhibit identical behaviour. On exploring that further, I found the consent bypass bug.


I'm impressed by the amount of good guesses you had to get there. Good job!



