Uncovered: Serious Orkut Security BUG

Posted on September 4, 2007 by Vaibhav Pandey

It just happened that while checking a personal message on Orkut found a major security bug . Orkut has a personal message feature, wherein the messages are mailed to the user and are also stored in his/her Personal Inbox. When the user tries to retrieve his/her Personal Messages from Orkut’s User Inbox, they are retrieved from the database using a GET url. This means that message fetching details are sent over the browser address bar separated by a special character ? (question mark).

Check out the URL below. This happens to be a message from my personal inbox. ( You will have to be logged in to Orkut to test this).

http://www.orkut.com/Messages.aspx?msg=U0013202476%2FIB%2F0961163969%2FU0021643556

&fld=IB&debug=&na=3&nid=U0013202476%2FIB%2F0961161410%2FU0026794039&nst=31

Now, this message will be available for view by all of you interested, till i either delete this message or this bug gets closed [:)]

This therefore proves that if you are able to sniff any message URL from your network, you can actually read the entire message just by logging into your ORKUT account…. Strange, Isn’t it?

Hope someone from Orkut is listening.

Cheers,

Vaibhav

Filed under: bug, Cracks, hacking, hole, launch, Marketing, Orkut, POP 3, Sales, security, Serials, StarOffice, Technology, tracking, Tricks | 6 Comments »

Open Coffee Club Bangalore: Meetup on 2nd September

Posted on August 29, 2007 by Vaibhav Pandey

It’s again time to notify you all of Open Coffee Club’s second meet which is scheduled to happen on 2nd September 2007 from 11AM – 1PM. The first meet was a grand success with 60 people participating.

Read:OCC gets a Thumbs Up in Bangalore

The venue and the timings for the second meet have also been kept the same as the first one. The meet however this time is planned to be more focussed on issues like Marketing 2.0 and Sales as proposed by Ramjee Ganti.

For those of you planning to attend the event can mark the attendance at UpComing (http://upcoming.yahoo.com/event/240840 ) .

For directions map of the venue, check the map on Brewhaha Site or on Google Maps.

Also, there is a Google Group for OCC Bangalore available at http://groups.google.com/group/opencoffeeclubatbangalore

In case you are new to the Open coffee club concept check out my previous posts on the same at

Open Coffee Club Bangalore : First debut meetup planned

Open Coffee Club Meet @Bangalore: Updates

Cheers,

Vaibhav

Filed under: bangalore, BlackHat, blog, Business Management, Design, DiskSpaceWarning, Events, file, Firefox, Firefox Add On, Free, iPhone, low disk space, Marketing, People Management, ProcessIdleTasks, Sales, spyware, StarOffice, Technology, web, wizard | Tagged: , , | Leave a comment »