Thursday, June 14, 2007

Facebook's "Draw" Application Bypasses The Friendships!

Yesterday I wasted time drawing on friends' Facebook walls when it came to mind: "Maybe I could bypass the friendships by changing the member's number." Well, it worked. I drew on random Facebook members' pages from then on. I wonder if this will work with other applications.

See, every Facebook member has a number that represents their account/page. By changing that number, it brings up anyone's page. The Draw application will allow you to bypass the privacy of that page, meaning that you can draw even though you cannot see that member's page .. wait, didn't I just say that? ..uhh.. yeah..

For example my Facebook Page is /profile.php?id=500090269

This would make my Draw Application page

/graffitiwall/draw.php?to_id=500090269

and /&fb_from_app_id=2439131959 being the application ID

After changing the member ID to something else, it goes directly to another member's Draw page (I believe it's whether the person has the app or not).

/draw.php?to_id=500090321


(Just might be able to bypass with other applications.) I'd like the TechCrunch and Mashable folks to challenge this, because I KNOW for sure that they'd explain it better than I can.

Which I find so cool, yet I think that with me doing this stuff, I'll get blocked or banned for violating something. But hey, it's not my fault that Facebook has a vulnerability ..lol
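The missing server-side check behind the behaviour described above, as an added example (not code from this post or from Facebook). The friend graph, the function names and the status codes are assumptions made for illustration; only the two member IDs and the URL shape come from the post.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample data: a friend graph and the set of members with the app.
FRIENDS = {500090269: {500090300}, 500090300: {500090269}, 500090321: set()}
HAS_APP = {500090269, 500090300, 500090321}


def parse_to_id(url):
    """Return to_id as an int, or None if missing, repeated or non-numeric."""
    values = parse_qs(urlparse(url).query).get("to_id", [])
    if len(values) != 1 or not re.fullmatch(r"[0-9]{1,20}", values[0]):
        return None
    return int(values[0])


def draw_vulnerable(session_user, url):
    """Behaviour as the post describes it: the target ID from the URL is
    trusted, and only 'does the target have the app' is checked."""
    to_id = parse_to_id(url)
    if to_id is None or to_id not in HAS_APP:
        return 404
    return 200  # any logged-in member may draw on any wall


def draw_checked(session_user, url):
    """Same endpoint, with authorization tied to the session user."""
    to_id = parse_to_id(url)
    if to_id is None:
        return 400
    # The viewer comes from the server-side session, never from the URL.
    allowed = (to_id == session_user
               or to_id in FRIENDS.get(session_user, set()))
    # "No such wall" and "not allowed" return the same status, so the
    # response does not reveal which member IDs exist or have the app.
    if to_id not in HAS_APP or not allowed:
        return 404
    return 200


if __name__ == "__main__":
    me = 500090269
    for target in (500090269, 500090300, 500090321):
        url = f"/graffitiwall/draw.php?to_id={target}"
        print(target, draw_vulnerable(me, url), draw_checked(me, url))
```
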


Here's a Demonstration




Ah!! Screencast-O-Matic comes in handy eh!

Note From The Book
