ok.ru: [okl.lt] Раскрытие администраторских функций в .js + Возможность использования этих функций.

@iframe reported insufficient authorization at okl.lt which allowed regular users to perform actions intended to be accessible to administrators only. This vulnerability was aggravated by the fact that administrators-only API could be reversed-engineered from the HTML code...