Can't really divulge many details but here goes. A company I know of has this website where you can sign in as a user or a guest. If you sign in as a guest, you fill out some info such as name, phone number, address and birthdate. At the bottom of the page is a register button. If the user starts filling out the form but doesn't end up hitting register, he is able to copy the URL and send it to his other friend. That friend can paste the URL on a different computer and see all the info that the first guy had filled out.
So the company received an email from the guy who found this hole saying that the company should know about it and patch it before he reports it to the papers. Apparently, he was able to see many other users' filled-out forms as well by guessing/changing the numbers at the end of the URL.
The company has been thinking of ways to resolve this. One idea was to block/hide the address bar so no one can copy the URL. Even if they do this though, won't the attacker still be able to go into the browser history and retrieve the URL there?
Any insights would be great!
GCIH, Security+, Network+, A+, MCP, DCSE
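
The hole described in the post, as an added example that is not part of the original post and not the company's code: a draft store keyed by a sequential number in the URL, next to one that issues a random token and checks the server-side session on every read. Class names, session IDs and form data are constructed for illustration.

```python
import hmac
import secrets

# Constructed sample data: two guests' partially completed forms.
ALICE = {"name": "Alice Example", "phone": "555-0100"}
BOB = {"name": "Bob Example", "phone": "555-0101"}


class VulnerableDraftStore:
    """Drafts keyed by a sequential number that appears in the URL."""

    def __init__(self):
        self._drafts = {}
        self._next_id = 1000

    def save(self, form):
        draft_id = self._next_id
        self._next_id += 1
        self._drafts[draft_id] = form
        return draft_id

    def load(self, draft_id):
        # No check of who is asking: the number alone grants access.
        return self._drafts.get(draft_id)


class SessionBoundDraftStore:
    """Drafts keyed by a random token and tied to the creating session."""

    def __init__(self):
        self._drafts = {}

    def save(self, session_id, form):
        token = secrets.token_urlsafe(32)  # unguessable, not sequential
        self._drafts[token] = (session_id, form)
        return token

    def load(self, session_id, token):
        entry = self._drafts.get(token)
        if entry is None:
            return None
        owner, form = entry
        # The server-side session, not the URL, decides who may read.
        if not hmac.compare_digest(owner, session_id):
            return None
        return form
```

Because the ownership check runs on the server, it holds whether or not the URL is visible, copied or kept in browser history.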