Sounds dangerous right? Well, it is.. kind of…
I am talking about personal messages on Orkut. How safe are they? Are you sure, no one else can read your messages?
Well, something to show you…
This is personal message of some user which I am viewing. If you see on the top, it shows my id as logged in but the message which is opened does not belong to me.
Now the quick question would be, how the hell did you find it?
Well, I was checking my referral logs in my w3counter account and one of the referrers was this message. So I clicked on the link expecting a login box or access denied message. But instead of that, I was able to view that message.
So now next question would be, how do I read that girl’s messages?
haha, it is not that easy as it sounds. In short, it is very difficult because the messages are assigned a random key which is not possible to generate so easily. So if you know that random message ID, then only you can read the message.
It needs good amount of time to understand the pattern of the message IDs and view the messages.
Actually, you can do well on any blog platform… all you need is, get the things in right place. i.e. search engine friendly urls, code, pinging, trackback options, technorati integration and integration with few more blogging search networks.
I will hold you to your own words. See thats the problem with wordpress all this comes inbuilt and there is hardly any tweaking to do and most of them have plugins.
Scary if you think about it. 🙂
But nonetheless, either you have the id number or not, it shopuld require you to login as the correct user, i.e. the user the message is meant for..
No, it does not need you to login as that user. Deep can read message of xx user, all I need is to know the pattern of the messasge ID.
Deep.. u always amuse me with such flaws in orkut. Good Work. I too have noticed bad orkut code a couple of times.
Cant believe that ‘Google’ goofed up @ this. When u have a networking site live, security should be the top concern!
Yeah I understood that Deep. I was just pointing out that it should 🙂
Naughty Deep!!!
Early you found email ids of girls, now you’re reading their personal messages too…
BAD 🙂
PB: Deep, do “Did You Pass Math” need javascript allowed to work?
Riyaz – Actually I tried my best to read personal messages of couple of babes but I failed badly in it lol j/k
About math plugin, sorry I have no idea about it but most probably it should not require JS enabled…