That reminds me of a bug I found during my first internship. The company had it's own niche social network centered around it's main product. On it, you were able to change your display name at any time, and if you added any spaces to the beginning or end of your username, you could hijack another users profile. That is, I could change my username to " snarfy", and if you clicked my display name to go to my profile, it would actually go to yours. A malicious user could use this to make inflammatory posts posing as a high profile user.
The bug was that the display name was first checked to see if it already existed before white space was stripped. Luckily this was fixed very quickly after it was found, as it existed in production.
The bug was that the display name was first checked to see if it already existed before white space was stripped. Luckily this was fixed very quickly after it was found, as it existed in production.