At work, we make use of a system developed in-house for bug tracking, posting sysad requests and for forums. Last week, since one of our officemates had resigned and left some topics open, another colleague asked me if I knew a way to close forum topics that I had not started. As far as I know, the current system only affords such functionality to the one who created the thread. I gave it some thought and an idea popped up. I told her to hold on while I tried something out.
After tinkering with the URL and with a little help from Firebug, I was able to close a forum topic that I had not started. While I was trying that out, it turned out that she was also able to figure out a way to do the same thing. Two unique solutions, both involving tinkering with the URL, found within minutes! And apparently, pretty much the same technique can be used to edit forum posts and bug reports that you’re supposedly not allowed to edit.
I suppose they aren’t that keen on security since the system’s merely for internal use. Nevertheless, I wouldn’t want anyone to put words into my mouth as easily as that — especially if the words are with embarrassingly bad grammar.
Credits: The title of this blog post was inspired (although that’s not exactly the word I was looking for) by another officemate’s tweet.
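The behaviour described above is what results when the "only the creator may close or edit" rule lives in which links the page shows rather than in the request handler. The sketch below is an added example, not the in-house system's code (which the post does not show): it puts an unchecked handler beside one that authorizes every action on the server. All names are hypothetical, and the moderator role is an assumption, included as the legitimate way to close a departed colleague's topics.

```python
from dataclasses import dataclass

@dataclass
class Item:
    """A forum topic, forum post or bug report (constructed sample model)."""
    item_id: int
    kind: str            # "topic", "post" or "bug"
    owner: str
    closed: bool = False
    body: str = ""

# Constructed sample data: topic 7 was opened by a colleague who has since left.
ITEMS = {7: Item(7, "topic", owner="resigned_user"),
         8: Item(8, "post", owner="alice", body="original text")}
MODERATORS = {"forum_admin"}  # assumption: a role allowed to act on any item

class Forbidden(Exception):
    """Raised when the session user may not perform the requested action."""

def _apply(item, action, text):
    if action == "close":
        item.closed = True
    elif action == "edit":
        item.body = text
    else:
        raise ValueError(f"unknown action {action!r}")

def may_modify(user, item):
    """Server-side rule: only the owner or a moderator may change an item."""
    return user == item.owner or user in MODERATORS

def handle_request_unchecked(session_user, action, item_id, text=""):
    """'Before': trusts that the page only showed the link to the owner."""
    item = ITEMS[item_id]
    _apply(item, action, text)   # session_user is never consulted
    return item

def handle_request(session_user, action, item_id, text=""):
    """'After': identity comes from the session; every action is authorized."""
    item = ITEMS.get(item_id)
    # Same error for "missing" and "not yours" so ids cannot be probed.
    if item is None or not may_modify(session_user, item):
        raise Forbidden(f"{session_user} may not {action} item {item_id}")
    _apply(item, action, text)
    return item
```

The same `may_modify` check covers closing topics, editing posts and editing bug reports, so the rule is enforced in one place regardless of how the request URL was produced.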