Friday, 14 October 2011

Hacking Orkut

Orkut recently upgraded the interface of their website. The site now looks good in shades of white and blue. But with the upgrade came a few problems. Many people noticed that they cannot delete the scraps now (link). When ever you try to delete any scrap it posts the page back with a link in red on the bottom which says report bug (BTW that link doesn't work either). Lets take a look at the delete button code.

<span class="rfdte"><span class="grabtn"><a href="javascript:void(0);" onclick="_singleDelete(function(){_doDelete(document.deleteForm, 26109785, 5037483, 1189339191)}); return false;" class="btn">deletea>span><span class="btnboxr"><img src="http://img1.orkut.com/img/b.gif"alt="" height="1" width="5"

The onclick function has the _singleDelete which calls _doDelete with some parameters.To look for these functions you will need to have a look at the javascript that is loaded with the page. I found out the following location and opened it.

http://img4.orkut.com/js/gen/scraps005.js
I found the code for delete as this._singleDelete() which does nothing but counts the number of scraps to delete and posts it back. Orkut has tried a lot to make the JS code obscure and so I stopped looking at it. The report bug link which comes on the page once you try to delete anything is interesting, it points to

http://b/createIssue?component=965&cc=te-orkut%2Cnarayan%2Cmanu&notes=OrkutRedesign%3AYes%0D%0ABuild%3A+HamsterXXX%0D%0AServer%3A+%28+test-castro.orkut.com%2C++qa-castro.orkut.com+%2C++staging-castro.orkut.com%29%0D%0AFeature%3A+%28+example-+home+notification+%2Cpolls%2C++...%29%0D%0AAccount%3A%0D%0A%0D%0A%0D%0A%0D%0AREPRODUCIBLE+on+following+OS%2FBrowsers%3A%0D%0AWinXP%2FIE+6.0%0D%0AWinXP%2BFF+2.0%0D%0ALinux%2BFF+1.5%0D%0AMac%2BFF+1.5%0D%0A%0D%0ASTEPS+TO+REPRODUCE%3A%0D%0A1.Login+to%0D%0A2.%0D%0A3.%0D%0A%0D%0ARESULT%3A%0D%0A%0D%0A%0D%0AEXPECTED+RESULT%3A%0D%0A%0D%0A%0D%0A%0D%0A&issue.type=BUG&issue.priority=P3&issue.severity=S2&hotlistIds=56

This looks like an internal link and not something Google would like to put in for everyone to see. It mentions Orkut, Narayan and Manu, which I guess are Google Developers working on the site. We can also see the following servers which Google uses to test orkut.
  • test-castro.orkut.com
  • qa-castro.orkut.com
  • staging-castro.orkut.com

Google must use these for test, quality assurance and staging Orkut internally. The other things points at the OS, how to reproduce the bug and severity issues. It looks to me as if this link was used by Google to report bugs internally but somehow made it to the internet as they did not properly test Orkut, before the new redesign. May be they were in too much hurry to do something new with increasing popularity of facebook.