This proof-of-concept describes a vulnerability in a website's member area, that I've analyzed as part of a penetration test.
The vulnerability is also known as a variant of host header attacks
Is it secure to store passwords in the browser? Here is a short writeup