Remember above image? Few weeks ago we published a bug in Orkut’s click tracking mechanism which let spammer send third party links bypassing image verification!

Now for those who missed that… A new bug is found in Google Video search history feature! Now Whats a big deal you might say? Well Google Videos and Orkut are both owned by Google Inc. So URL which contains google.com in domain part never encounters image verification!

Now consider link below:

http://upload.video.google.com/searchhistory/url?url=//www.devilsworkshop.org

You can replace any site URL with www.devilsworkshop.org in it and put the link in scraps! Orkut will never ask for image verification!

This bug is more severe compared to bug in Click Tracking mechanism. Fixing this may be still simple but there are many Googles service and so there must be many bugs like this! All this means a lot more spam in coming month on Orkut…

Credits: Sumit Kalra found this while analyzing a recent spam "VORUS VIDEO SCRAP" code!

If you like this post, you may subscribe to my RSS feed or email alerts to receive automatic updates in future! Thanks for reading... :-)