social network

VKontakte detected a bug that allows users to view the applications

For example, you can see who logged in to Pornhub through his social network profile.

Bug stopped working. VKontakte was told that it was quickly eliminated.

Users found a bug in the search section for people in “VKontakte”, which allows you to find out who used this or that application. To use the vulnerability, it suffices to substitute the numerical identifier of the application with a minus sign into a link of the form “https://vk.com/search?c[photo]=0&c[group]=[identifier]”.

Many services use “VKontakte” applications to authorize their sites, so using the bug you can find out confidential information, for example, which of the users of the social network is authorized on Pornhub. Pornosite uses a special application with the identifier 6095035 to check the age of all Russian users.

The numeric identifier of the application accessed by the script on the Pornhub website

If you substitute this number in the link, you can see that about 2.9 million people logged in to Pornhub via “VKontakte”. In the social network they told that they “quickly eliminated the bug”, but did not explain how long it existed.

Back to top button