by lphnull
3098 days ago
I have this friend who runs this forum out of self-made software, not a prefabbed PHP-bb, but homemade software. Nonetheless, he had thousands of members who all shared the same particular hobby. One time I decided to test his inputs, and surprisingly, one of those inputs contained a vulnerability in that it allowed you to post ANY text, script or characters without sanitization. I quickly hobbled together a cookie-stealing script and proved how serious this hack was by stealing the password of an alternate dummy account just by visiting my poisoned user/info page. I told my friend about it, and it took him a surprisingly long amount of time to actually get around to fixing it.