
    Hidden link to delete account

    26/02/2014
    $250
    • Posted: 10 years ago
    • Proposals: 1
    • Remote
    • #408442
    • Expired
    Outgrowth D. has already sent a proposal.

    Description

    Experience Level: Expert
    General information for the website: I want to find out hidden link to delete account (Only little research needed)
    Description of requirements/features: Hello,
    I'm working on Usability testing of a Gay dating website: www.planetromeo.com

    You'll need to register as a user (free). Click on 'G-rated' while you log in if you do not want to see explicit X-rated content.

    There are a couple of issues we are facing:
    1: Whenever any user enters this in the address bar:
    http://www.planetromeo.com/zZ9awTO0JvNOSWlNwst2gZfamC8yyaxD/?jump=&firstLogin=0&sslRedirect=0&profileNotActive=1

    the profile becomes deactivated.

    2: When a user A blocks another user B, if the user A is given the below URL (with User B's id number somewhere in between), User B is removed from User A's blocked list.
    (You can block a user by going to his profile, clicking Save User and then selecting Ignore. User IDs are generally in this format: 14237393)

    http://www.planetromeo.com/00000000000000000000000000000000/gemeinsam/php/myuser/saveMyUser.php?memo=&smiley=4&linkText=&partnerId=14237393&partnerType=1&status=0

    I've already found out the above loopholes, now I just need to know 2 things. Because I'm working on the Usability, I need to know if some user's account can be compromised by any such defective URLs or not. Because the URLs openly display in the address bar (sometimes for a flick of a second), there should be a way out to give a URL to someone clicking which his/her account is deleted, or clicking which the email id of the account holder is changed, or maybe the password reset mail comes to somebody else's account.

    I need someone qualified enough to JUST FIND OUT:
    1: A compromising URL like above which deletes the account of the user upon being clicked.
    2: A URL which changes the registered email id of the account holder (this email id might be shown in the address bar, I agree)
    3: A URL which sends the password reset mail to someone else's email id.

    So you see, the aim is to compromise any user's account. Since the site is loosely coded I do not think it should be a big challenge. Also note that since the site is live, you would not be getting access to the code or database.

    Thanks
    Alexia R.
    98% (24)
    Projects Completed
    34
    Freelancers worked with
    28
    Projects awarded
    34%
    Last project
    16 Dec 2014
    United States
