Hacker News
by spulec 5893 days ago
I can confirm that the security hole was not limited to only friends. I was able to insert non-friends' IDs for the "viewas" parameter.