Why is Orkut so vulnerable to SQL Injection Scripts and Session hacking ?

[Maverick340]

Okay,I think my topic title said it all, but yeah I d really like to know why is this so rampant on Orkut and not other sonets (social networking) like Facebook or even MySpace for that matter ..

 

[anand1]

It has some bugs in its script but the main cause is something which is hard to guess....!

 

[Maverick340]

You mean Orkut is coded poorly ?

 

[anand1]

Ye exactly it seems to me that it has some of the bugs in its latest theme.

 

[Maverick340]

Dude, which theme?? If you are mentioned those various scripts floating around on orkut about skin changing .. then um thats not what i meant. In fact the very opposite.. how is orkut allowing such scripts to execute that allows rampant hacking ?

 

[dheeraj_kumar]

I have always assumed that Orkut is badly coded, leading to javascript exploits such as so many these days... Anyway I dont really know the answer, perhaps Rohan can share his knowledge?

 

[kumarmohit]

Security wise Orku sux big time. proves that google is not perfect

 

[gary4gar]

There are lot of flaws in Orkut, that even a normal user like me can notice

• There was a flaw in which one could See(even locked ones),Edit or Delete Albums of Any user.
• *www.devilsworkshop.org/2008/04/18/orkut-album-bug-is-fixed-details-are-here/
  
• the Comments on photos can't be deleted, so if someone type something. it would stay forever
  
• there is method which steals your cookies just by clicking on a link
  so now anyone could login in your account

 

[Maverick340]

It will turn out to be a la myspace. its a good thing more than half the us/uk population
dont know about it. otherwise "orkut sucks" would be making digg's frontpage