Privacy On Friendster, Does Friendster Always Protect Your Data(s)?




Going by the title above, you must be thinking about the security of Friendster, one of many social networking sites. Friendster is very famous, especially in Asia. Yeah, that’s true. Some people like to upload their own photos to a private folder, or want to keep others from knowing their email address. And there is only one reason why they do that: it’s PRIVATE!
You can think that they’re stupid or something like that, but yeah… they might not know the risk. So, through this simple article I want to show you how dangerous Friendster is as a place to protect your private things.

You’ll be taught how to:

* See private photos
* Reveal The Email Address of Someone on Friendster
* Make him/her unknowingly allow someone to see his/her private photos or other private things on Friendster

And you can do all of that without using a tool! (In some cases)


As I’ve said, through this article I want to show you some real hacks that work on Friendster and that could make you (unknowingly) show others your private data. This is all true, you can apply it in your daily life, but the story itself is just bullshit. :lol:



One day, Mr. R uploads private portraits of himself with his girlfriend. He doesn’t want many people to see them and only wants to show them to the people who have the authority to open his private album on Friendster.

Is it:

* Possible for his profile’s viewer to see the album? (#1)
* Possible to even hack it so it can be seen publicly? (#2)

I think it’s almost impossible to do those things, and I think that’s the reason why he uploads all of his photos in Friendster. But, nothing is impossible in this underground world, we just need to find alternatives :D

But how? How do you see the private photos in the private album? How do you even hack it so it can be seen publicly? How about making the owner do something without the owner’s approval? (In this case, see CSRF.)

So, someone who wants to see it got the idea of performing an action without the approval of the owner:

<img src="http://www.friendster.com/privatephotos.php?action=acceptRequest&_submitted=1&uid=2877032314215"><a href="http://dcblog.co.nr/"><img width="125" src="http://lh6.ggpht.com/_G-BMeDWF9xQ/SlNOTOhyShI/AAAAAAAABAY/2FDt1wGpwuo/click-me.jpg" height="125"/></a>



It makes the owner perform an action without the owner’s approval (just as I said).
It’s called CSRF (Cross-Site Request Forgery). One of my favorites! :D
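
On the server side, a forged request like the one above succeeds only if the action runs on a GET and trusts the session cookie alone. The following is an added example, not code from this article or from Friendster: a Python check for such a handler, where `SERVER_KEY`, `issue_token`, `handle_accept_request` and the sample requests are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets

# Hypothetical names throughout; this is not Friendster's code.
SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to the browser


def issue_token(session_id: str) -> str:
    """Anti-CSRF token bound to one session, embedded as a hidden form field."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_accept_request(method: str, session_id: str, params: dict) -> tuple:
    """Decide whether an 'accept private-photo request' action may run.

    Returns (HTTP status, reason).
    """
    # 1. State changes never run on GET: an <img src=...> tag can only issue GET.
    if method != "POST":
        return 405, "state-changing action requires POST"
    # 2. The browser attaches the session cookie automatically, so the cookie
    #    proves nothing about intent. Require a value a third-party page
    #    cannot read or guess, and compare it in constant time.
    supplied = str(params.get("csrf_token", "")).encode()
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return 403, "missing or invalid CSRF token"
    return 200, "request accepted for uid " + str(params.get("uid", ""))


# Constructed sample requests (not captured traffic).
FORGED_IMG = ("GET", "sess-owner", {"action": "acceptRequest", "uid": "1001"})
FORGED_FORM = ("POST", "sess-owner", {"action": "acceptRequest", "uid": "1001"})
OTHER_SESSION = ("POST", "sess-owner", {"action": "acceptRequest", "uid": "1001",
                                        "csrf_token": issue_token("sess-other")})
GENUINE = ("POST", "sess-owner", {"action": "acceptRequest", "uid": "1001",
                                  "csrf_token": issue_token("sess-owner")})

if __name__ == "__main__":
    for name, req in [("forged <img> GET", FORGED_IMG),
                      ("forged auto-submitted form", FORGED_FORM),
                      ("token from another session", OTHER_SESSION),
                      ("genuine form post", GENUINE)]:
        print(name, "->", handle_accept_request(*req))
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a second layer, since the browser then withholds the cookie on cross-site subresource requests such as image loads.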
OK, on with the story. The technique didn’t work perfectly, because the owner had set Safe Mode to on. So, the one who wants to open the album kept searching on Google and found this link:

http://rapidshare.com/files/149931671/FriendsterPrivateViewer.rar.html

He uses that software, but there’s a Trojan inside. He keeps googling and finds this link: http://fs.dibatam.com/

Hmmmm… He used that generator and it works perfectly!

The photos were fetched perfectly here, and nothing needs to be hidden!

One more thing to crack, email! Just need an address to be cracked later on! Hehe

So, the one who wants to know more about R’s secret just tried to add R’s profile (he hasn’t added him!? LoL!) and no email was needed! So, it’s just like “Auto Add”.

When he looked at the URL, this is what was shown:

http://www.friendster.com/addfriendrequest.php?authcode=a666c499f17d32b6dd9f2a655b459b&uid=68564384&email=r_moth95%40yahoo.com&firstname=Mr&lastname=R!&friend=&submit=1&id=&btnAdd=Add+cia~+as+Your+Friend



The bold text shows his name and email! LoL
Friendster doesn’t use encryption methods to encrypt the data? What The Fu**!

So, my advice today is just: “Make Sure You Don’t Host Your Pics Or Put Your Private Data on Friendster”



 
DC 's Blog - Free Source Code.