Update: This bug is temporarily fixed as of now. Details are here.
The last few days have been really good for Orkut, with the mobile version and lightweight version being launched as well as Orkut apps unveiled in India.
But now it's time to get back to the bugs in Orkut, which keep it hot and (in)famous among bloggers and hackers.
A new bug has been found in Orkut albums which, in my experience, is the most severe bug because of what it lets you do. Any user can perform the following actions on anyone's album…
- Delete All photos from album
- Edit image caption to anything
- Change album cover
What makes it most severe is that it works with locked albums. We had a hack a few days back to view locked albums, but it was not as severe as this, as the user could only view the images and could not change them!
Considering the scrap-all scripts and communities as a medium on Orkut, it may become available to all at any time, although I am disclosing technical details here.
What is the worst that could happen…
If used in a program, this bug can delete millions of photos and cause complete chaos on orkut!
What to do now…
Back up your Orkut albums if you don't have them offline. If you have serious concerns over privacy, please remove all photos from your albums as soon as possible. Locking your album will not work!
It's really foolish to rely on Orkut to fix this bug, although they will do it ASAP considering the damage it can cause to Orkut.
Where the problem could be…
A single program, whose name I cannot disclose here, is not validating users properly. I guess it's relying on its parent page, considering that a direct link to it is not obvious from prominent places like the homepage, profile, etc.
This is really bad programming. You should never take things for granted when you are dealing with privacy.
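The flaw described above, a handler that trusts its parent page instead of checking who is logged in, sketched as an added example; it is not Orkut's code, which this post does not disclose. `Album`, `edit_album_unchecked`, `edit_album_checked` and the sample data are hypothetical names and values constructed for illustration.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when the logged-in user may not modify the album."""

@dataclass
class Album:
    owner: str
    locked: bool  # governs viewing only; it is never a write permission
    cover: str
    photos: dict = field(default_factory=dict)  # photo_id -> caption

def make_store():
    # Constructed sample data: one locked album owned by "alice".
    return {"a1": Album("alice", True, "p1", {"p1": "beach", "p2": "hills"})}

def _apply(album, action, photo_id=None, caption=None):
    # The three album actions listed in the post.
    if action == "delete_all":
        album.photos.clear()
        album.cover = ""
    elif action in ("set_caption", "set_cover"):
        if photo_id not in album.photos:
            raise KeyError(photo_id)
        if action == "set_caption":
            album.photos[photo_id] = caption
        else:
            album.cover = photo_id
    else:
        raise ValueError(f"unknown action: {action}")

def edit_album_unchecked(store, session_user, album_id, action, **args):
    # Flawed pattern: assumes the request came from the owner's own album
    # page, so session_user is never compared with the album's owner.
    _apply(store[album_id], action, **args)

def edit_album_checked(store, session_user, album_id, action, **args):
    # Hardened pattern: authorize every request against the server-side
    # session identity, no matter which page linked to the handler.
    album = store.get(album_id)
    if album is None or session_user is None or album.owner != session_user:
        raise Forbidden(album_id)  # same error for missing and foreign albums
    _apply(album, action, **args)
```

The check lives in the handler itself, so it holds even when the handler is reached without going through the album page.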
Unfortunately, I cannot post the vulnerability in the Orkut help group, as it can be misused by other readers there. 🙁
Open request to fellow bloggers…
I saw this for the first time 4 days back in an Orkut community. Gaurav and many other bloggers chose to keep it secret. But I guess that is what is delaying a fix. Likewise, if you come to know about it, do not unveil the details until the bug gets fixed.
13 Comments
shit man…. after working soo much on the cookie structure…
i thought orkut getting better 🙁
so sad this is happening!!
@gengis
This is the reason I like facebook more!
Its much more secure than orkut.
Between this bug is fixed now temporarily… 🙂
no words u man..
heyy u jus informed dat we can view n delete photos on a locked album…but u dint give the procedure how we can do it..can i have the procedure??
@naweed
Didn’t get u???
@Ali
This bug is fixed now…
Details are here.
hey man plz describe the procedure i m in real trouble plz help
@ginnie
This bug was fixed long time back…
Details are here…
i couldn’t unlock others album how can i do it
@Ragib
This bug is not working as of now…
You may subscribe to my RSS feed or email alert to receive automatic updates in future 🙂
man i searched a lot for viewing orkut locked albums script on grease monkey…….. but none works …but i think cookie stealing script should work if modified a little ….. what do u think?
dude even facebook got a bug….
press up, up, down, down, left, right, left, right, B, A, Enter key, then right click and magic circles will appear. the only way to get rid of them are to log off or refresh the page
Du Ya Knw any 1 hw to hide our gender in orkut