Recently I saw this on a site that shall stay unnamed:
When you refresh a page, it’ll make a GET request for log.[site].com
The URL looked exploitable, but I don’t know how to handle it - it does something, but on the client side I see nothing of that. A function is called, but the maximum I get is the HTTP status code.
Would it be useless to try something here? There might be a bug, but I don’t want to blindly destroy something.