lol wow.. i guess thats another "over-sight" admins didnt notice... gotta admit.. the URL is a good tool to breaking into security. i usually check the url or the source code of the site to see if i can find any links or urls that would take me somewhere. this security flaw would have been a child's play to me.