Design flaws make it possible to find out hash of the secret used for URL generation in secureURL.php version 2.0. The problem enables malicious parties to calculate checksum over fabricated URL parameters. The design flaws render the system ineffective against attacks and gives a false sense of security.
2bac6017745b6a2c0260aed056b9e2dfa6f9642bd68c12696537a9e5fa1695a9