February 16, 2009 at 17:11Vkontakte, accelerated photo viewing - the access hole was not completely closed
As many probably know, relatively recently vkontakte.ru launched “Accelerated Photo Viewer,” a fairly convenient feature with ajax photo switching. This mode became especially popular when it turned out that the current user's access rights to the photos being viewed are not checked (that is, instead of the message “The photo is protected by privacy settings”, you received the desired content).
After some time, vkontakte.ru programmers closed this hole. But ... today I accidentally stumbled upon this: if you go to the user’s photos page, turn on the accelerated mode, and on this page there is at least one photo available to you - once you’ve got to it, you can click the back arrow (go to the previous photo ) - and voila! access check is disabled again. By clicking “back” again, you can watch all the pictures, only in the reverse order.
After some time, vkontakte.ru programmers closed this hole. But ... today I accidentally stumbled upon this: if you go to the user’s photos page, turn on the accelerated mode, and on this page there is at least one photo available to you - once you’ve got to it, you can click the back arrow (go to the previous photo ) - and voila! access check is disabled again. By clicking “back” again, you can watch all the pictures, only in the reverse order.