Good Afternoon, I think I better explain before I get shouted at,

My collegue (as described the yesterday) is creating a web application for employees only its doesn't need to be top secret but basic protection requires. Rather than making users log onto everything what he has done is added a link to our OWA website that opens up the other ASP.NET site with a varible and the other web application checks the varible and if it equals this show the site if not then push back to the OWA logon.

He has got it all up and running and asked me to check out to see how easy it is to get into. Now knowing the varible I did: http://site.domain/page.aspx?Varible=this

And I was straight in because i knew what the Varible was called and I knew what it had to contain but my question is, is there any way I can hack into the site not knowing the varible name and not knowing what it must contain, theres no other protection on this site so is there some whay I can trick it into revealing it or something?

Thanks,