Aagh! Security holes abound!


#1

I can understand my username in the page source, but NOT my email address, user ID, my NAME, my IP, a bunch of information about me (like if I have bought before, what I’ve been searching for, information about my Gigs and Seller settings, etc.)…

Why is that being sent anywhere? And why is it being sent to me?

Does no one at Fiverr know what a session ID and a user account are? You do not send that crap out!


#2


#3

I was trying to figure out if the site was messed up (problems editing Gigs). I don’t like trying to edit if it’s just messed up again. In the process, I happened to view the source of a page and discovered that Fiverr is sending a giant block of data back to my browser about me. It appears they send giant blocks of what should be internal, server-only data back and forth. I can even see things like the limit variables for my Gig prices. Gee, I can’t imagine why the site sometimes has issues.


#4

Which page?



#5

@djgodknows It appears to be every page when I’m logged in.