Answer the question
In order to leave comments, you need to log in
O
O
o_O_Tync2010-12-14 16:19:53
o_O_Tync, 2010-12-14 16:19:53
How the site can find out the user id in the social. networks?
Today, the girl said that she climbed one “specific online store”, and two hours later a person wrote to her on Vkontakte - the store manager - offered her advice on the goods she had viewed.
It is easy to find out what products she looked at by logs. But how were the logs associated with her VKontakte id?
Is it a bug or a feature? :)
UPD: She went to the site from Yandex, there were no Vkontakte OpenAPI authorization windows like “You are going to allow this site access to your data”.
So far, I'm inclined to think that this is either a VKontakte bug, or some trojan / toolbar installed in the browser, or there was a loophole through flash. However, all this is hard to believe :)
13 answer(s)
@o_O_Tync
Example:
svedm.com/test.html
@djerom
@JeanLouis
@Kalantyr
@Robotex
@SuharevVitaly
@Ice_venom
@Robotex
@Awake
@vis0r
I
Ice_venom, 2010-12-14 @o_O_Tync
Well, I smoked the API a little - everything is realizable. We connect the site VKontakte. Next, use the following code on the connected site:
<html>
<head>
<script src="vkontakte.ru/js/api/openapi.js" type="text/javascript"></script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<script language="javascript">
window.onload = (function() {
VK.init({
apiId: 2046606 //id подключенного сайта
});
function authInfo(response)
{
if (response.session)
{
document.getElementById('t').innerHTML = "Your ID: " + response.session.mid;
}
else
{
document.getElementById('t').innerHTML = 'Вы не авторизованы вконтакте.';
}
}
VK.Auth.getLoginStatus(authInfo);
});
</script>
<div id='t'></div>
</body>
</html>
Example:
svedm.com/test.html
D
djerom, 2015-07-05 @djerom
Updated, maybe it will help someone
<html>
<head>
<script src="//vk.com/js/api/openapi.js" type="text/javascript"></script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<script>
window.onload = (function() {
VK.init({
apiId: 4983778 //ВАШ_IP_ID
});
function authInfo(response)
{
if (response.session)
{
document.getElementById('id').innerHTML = "Your ID: " + response.session.mid;
}
else
{
document.getElementById('id').innerHTML = 'Вы не авторизованы вконтакте.';
}
}
VK.Auth.getLoginStatus(authInfo);
});
</script>
<div id='id'></div>
</body>
</html>J
JeanLouis, 2010-12-14 @JeanLouis
The vKontakte API for websites has been around for a long time. The contact itself is loaded via an iframe, so all cookies are available, identify the user, and can pass this information to the site using the API.
K
Kalantyr, 2010-12-14 @Kalantyr
Do you know how she got to this online store? If through the search for goods on VKontakte, then everything is explained simply :)
R
Robotex, 2010-12-14 @Robotex
We go to connect.ua/ and press the button Login Vkontakte. No confirmation comes out.
V
Vitaly Sukharev, 2016-06-01 @SuharevVitaly
Who is tracking the issue, but not yet in the know. Yandex is actively fighting this: https://yandex.ru/blog/webmaster/21745
I
Ice_venom, 2010-12-14 @Ice_venom
I don’t know how it is now, but earlier it was possible to do this by inserting a 1x1px iframe into the site, which loaded a direct link to vote for the user’s proposal.
R
Robotex, 2010-12-14 @Robotex
If she went to the site of the store from VKontakte, then the address of her page was saved in the referrer of the site.
A
Alexander, 2010-12-15 @Awake
it is quite possible to put a button with consent under some frequently-pressed button on the site. Well, then everything is clear as it were.
V
vis0r, 2014-08-25 @vis0r
clickjacking might be fine. As for example here in the example, only the authorization widget is completely invisible. jsfiddle.net/Ej25j
Similar questions
A
S
L
P
�
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question