Topic: "Freewebs.com's weak session tracking mechanism" (page 1 of 1)

quangntenemy
The File Manager this web host offers uses a token to track the session. However, this token is sent to the server using a GET request, something like:
http://fw58.members.freewebs.com/Members/fileManager.jsp?token=xxxxx

What's even worse, when you click logout, the token isn't destroyed until it times out.
So:
- If you just click logout and go off somewhere else, your friend can still access it from the browsing history.
- If you use a tracker on your page, something like eXTReMe Tracking, and accidentally access your page from the File Manager, the referer will get logged and a visitor to your site might click on that link to pwn your website :D
- If you put a referer tracker on the google ads on the File Manager page, maybe you'll pwn whoever clicks on that link? :D

PS: I have a website at freewebs too. Maybe it'll get pwned someday? :P
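The two weaknesses described in the post above (token carried in the URL, token still valid after logout), as an added example that is not part of the original thread or Freewebs' code: a small Python session store that shows the "logout does not revoke" behaviour beside the corrected one, plus response headers that keep the token out of URLs and Referer values. All class, function and parameter names are hypothetical.

```python
import secrets
import time
from urllib.parse import urlsplit, parse_qs

class SessionStore:
    """Server-side session table; tokens are opaque random values."""

    def __init__(self, ttl=900, revoke_on_logout=True):
        self.ttl = ttl                          # idle lifetime in seconds
        self.revoke_on_logout = revoke_on_logout
        self._sessions = {}                     # token -> (user, expiry)

    def login(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now + self.ttl)
        return token

    def logout(self, token):
        # revoke_on_logout=False reproduces the behaviour in the post:
        # the token stays valid until it times out.
        if self.revoke_on_logout:
            self._sessions.pop(token, None)

    def user_for(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None or entry[1] <= now:
            self._sessions.pop(token, None)     # drop expired entries
            return None
        return entry[0]

def session_headers(token):
    """Carry the token in a cookie and keep page URLs out of Referer."""
    return {
        "Set-Cookie": f"session={token}; Secure; HttpOnly; SameSite=Lax; Path=/",
        "Referrer-Policy": "no-referrer",
        "Cache-Control": "no-store",
    }

def url_leaks_token(url, param="token"):
    """True if a URL (history entry, Referer value) carries a session token."""
    return param in parse_qs(urlsplit(url).query)
```

`url_leaks_token` can be run over access-log Referer fields or outbound links during review to confirm that no session identifier appears in a query string.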
alt3rn4tiv3
what a great idea!
-starts on a mission to pwn quang's website ;)-
aceldama
alternatively, if you're lazy you could always try the googledork

site:extremetracking.com inurl:login "freewebs.com" "token="
i'm guessing most of them are stale by now. good find. :drink4:

[edit]
- one could also try adding a google alert of the above-mentioned googledork and get it as soon as it happens...

- Extreme tracker does not always log the variables that you need. pity...
[/edit]

Edited by aceldama on 19.02.2007 02:46:40