Hey guys, want to get logged out of a bunch of sites?
-
Taken from reddit: https://www.reddit.com/r/InternetIsBeautiful/comments/3l7edb/website_that_will_log_you_out_of_all_your/
Click to nuke: http://superlogout.com/
Oh, and i didn't get banned from meta.d during the great purge.
So much for csrf.
-
The only site on that list I'm logged into is github.com. Note the lack of past tense in the previous sentence.
-
I don't get it. It says "Ok" next to YouTube, but I'm still logged into YouTube...
Is it broken or...? What's it supposed to do?
EDIT: oh I guess it logged me off of DeviantArt? So that's one site it works on. I still don't know what "Ok" implies, if it seems to show "Ok" even if it failed to log you out.
-
I love how it tried to log me out of YouTube by doing a post request to http:// that got redirected to https:// and therefore lost.
-
Youtube seems to set the right headers too:
Load denied by X-Frame-Options: https://www.youtube.com/ does not permit cross-origin framing.
That was probably a nice demo back when it worked
Domain Name: superlogout.com
[...]
Creation Date: 2011-07-16T03:35:33ZAt least some sites and browsers patched their shit since 2011!
-
if it seems to show "Ok" even if it failed to log you out.
I guess "ok" should read "I fired off an HTTP request ¯_(ツ)_/¯"
-
-
Well, get ready to make fun of me for lacking psychic powers, but maybe a SINGLE GODDAMNED LINE OF TEXT to explain what anything on the site means might be useful.
-
What about this SINGLE GODDAMNED LINE OF TEXT?
-
That doesn't tell me anything. For all I know it's a video game.
-
It's available on Steam.
-
-
Wow, it works even better than the original!
Employed metric: perceived honesty about giving a shit
-
I don't understand the purpose, why not just clear your cookies? Also I'm not comfortable knowing that it's possible for a website to do this kind of thing without my permission, that sounds like CSRF to me.
-
I don't understand the purpose
@LB_ said:that sounds like CSRF to me
Why did you ask a question and then answer it right away?
-
that sounds like CSRF to me
It absolutely is. The short list of sites that do it right are most of the sites that people say "it didn't sign me out!" about. There's also a comment in there purporting to be from somebody from Wikipedia saying something like "I thought we already had CSRF protection, let me go fix that".
-
I didn't realize the website was intended to be a proof-of-concept to highlight security flaws, I thought it was intended to be a useful tool despite the fact that it was evil.
-
Well, if other sites go the Discourse way and start bikeshedding the Logout button away as a power user feature, it might start to be...
-
<body
-
I remember the old community server days where someone would post <img src="/logout.aspx"> and then the moderators would have a really hard time getting rid of it because Community Server sucked so much.
But on reflection, if I thought
WolfensteinCommunity Server represented an apex of mediocrity inshootersforum software, I must have been severely lacking in imagination back then.
-
I remember the old community server days where someone would post <img src="/logout.aspx"> and then the moderators would have a really hard time getting rid of it because Community Server sucked so much.
Hahaha, joke's on you lot, I never registered on Community Server!
-
I'm a bit disappointed to be honest. I thought it would do something novel like steal my cookies and impersonate me for a while but somethings are just not meant to be.
Overall four stars.