1.Previous
3.Next

is subject to trivial attacks such as

vulnerable.asp?login=YES&username=Mary

This problem could exist in software where
*User submits username / password to logon.asp
*If password for Mary checks out, logon.asp forwards to vulnerable.asp?login=YES&username=Mary

The problem is that vulnerable.asp is designed on the assumption that the page is only accessed in a non-malicious way. Anyone who realizes how the script is designed, is able to craft

1.Previous
3.Next