Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The hashtag isn't necessary, ie https://post.craigslist.org/manage/1340717167/tkrju works too.

Actually, I think craigslist probably views this more as a feature than an exploit. Since you don't need an account to post on craigslist, they can't do normal cookie based authentication, so they just give you a secret url for editing your page. Unfortunately, the only thing secret about the url is a 5 character alpha-numeric string, which I suppose would be possible to brute force.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: