Title has Rediff, what else is it going to be ? Yet another bug in their app. This time, the app is in their Chat Application. Background of the application is … they invite some celebrity or counsellor or some expert in some field and enable them chat with the usual rediff junta.

Now, the app, doesn’t allow any two users to login with same username (even if you juggle with uppercase and lowercase). Well, Wow rediff. +1 for you.

Uhmm okay. Let me login as SRK for now. Now, this is the app.

Now, the bug … You can see that, there are already few guys chatting there and I can type my question in a box on the bottom right corner. If you clearly see, thats a frame. Now, let me open that frame in a new tab.

Now, see the URL, my username is in the query. Of course, doing that is so reddity. Now, let me change that to some other name, uhmmm say Aftab.

Note from the first image that there is already another user named logged in with id “AFTAB”. Now, Of course, you can post any message with his ID and make him wonder when did he do that.

Thats my message on top telling those guys that I’m not Aftab and the chat is NOT now, but tomorrow. Thats the story. Login and post as any user in one and only Rediff Live Chat. I didn’t want to check the possibilities of XSS there as there are few other people logged in and I don’t want to annoy them with my tests. Any way, rediff, I don’t expect you to fix the bug as … You didn’t really fix one of the bugs I reported TWO long years before. Come on, you must be kidding me. That’s your damn shopping portal.

There is a rule #0 for every web developer. Never trust the end user, always sanitize the content and that’s some thing I don’t know why rediff developers never do.

I love rediff. I love it a lot. I’m aware that I’m contradicting myself. There are loads of posts where I’ve accepted the fact that I hate rediff. But, come on. Do you think life would be great with no stupid thing around you to make fun of ? or atleast do you think that life would rock in monochrome ? Rediff brings lots of colors of my day, every damn day. Well, I should tell that its not rediff, but its rediff comments which do that. If any of you guys have seen Southpark, and loved/hated the character Eric Cartman in it, yeah, trust me, You will love comments on rediff. About Cartman, You’ve to read this at Wikipedia. For the lazy folks, here are the tags for you from the content - fat, mean, immature, brat, aggressive, cunning, sociopathy, theorizing, sadistic. Each of these tags can be used to tag most (atleast 80-90%) of the comments at Rediff. Here are few examples of the comments.

• “Power of Bhudhism! Its time India give up following Rama and follow the reformist Budha!”

Guess the context of the above comment. Take a minute and try to come up with some thoughts about it. Try to go beyond your wildest imagination. Uhmm, Dalai lama, or Tibet issue or Chinese ? Ah, no. You are completely wrong. This is a comment on India Vs Srilanka Asia Cup Final match, where India has lost. This great guy came up with theory that in match between Buddha and Rama, Buddha won. Well, other that the above intelligent comment, the other comments include, Sachin is God. Dada is God, Dhoni is a dhobi, Uthapa Sux, Bring back Dravid, Sehwag cant become Sachin, and Karma. Yeah, you read it correct, karma. One guy thinks that Indian govt supports Srilankan govt to kill innocent people so, we lost Asia Cup final.

• “Rajanikanth has a deep and abiding respect for human life… unless it gets in his way. There is no such thing as global warming. Rajanikanth was cold, so he turned the sun up. Rajanikanth can set ants on fire with a magnifying glass. At night. “

Now, another comment. Guess the context of this great comment. Sivaji movie ? Tamil movie ? South Indian Movie ? South Indian Movie stars ? Hehe, Na. It was a comment on a post where Amitabh praised Smita Patil’s son for his performance in “Jaane tu .. ya jaane na”. Few other comments on this post include, “BJP Should have supported the deal”. No wonder why he was talking about Nuclear deal on this post. And another guy thinks that Rediff dint receive money from Aamir Khan, so they are praising Smita Patil’s son here. Ultimate Genius. I found these comments in last one hour. Now, expect the fun you can have when you read rediff comments regularly. But, do remember, over dosage of anything is not good for health. You might even lose your sense of humour because of the immature nature of the comments. So, whenever you are bored, or whenever you feel like you are dumb or stupid, you know where to go.

• Well, for the final touch, here is a great topic in Get Ahead of Rediff titled “I love my maid - should I leave my wife ?”

And for your information, this topic made to the front page of Rediff. Dont forget to read comments on it, especially this one to know the nature of guys posting comments there. After reading few ultra-stupid comments on rediff and few ultra-ultra non-sense articles like this, now I feel like doing something like Cartman. “Screw you rediff, I’m going home !”

Something more free from Rediff ?
Hell Yeah.

Whats that ?
URL redirection service.

Ads ?
Come on, its rediff, there will be Ads.

What makes it different from other URL redirection services ?
Other URL redirection services are created by themselves. Here, even rediff doesn’t know that it got one too !!!

What ?
okay, in clear words, yet another stupid implementation by rediff.

Where ?
here - > http://www.rediff.com/login/inredirect.php?url=http://karteek.selfdabba.com

What does it do ?
Arghh !!! Click on it !! -> K World

Wow. Anything more in it ?
Uhmm, you want more and rediff will never say No. Yeah, it got XSS in it too.

Double Wow. Show me, show me !!
Well, Neither I can tell no. Click this.

Can I use it for anything more ?
Hell, yeah. How about printing your name there on that page ?

Triple Wow. Show me, show me.
Dude, not going to show you this. But, yeah. Will give you a hint. Document.write in Javascript. And you know how to inject javascript into that page

What ? Do I know ?
Fck. Thats why I should have kept a disclaimer on the top that this post aint for everyone. XSS is Cross Site Scripting, where you would just inject javascript in to another site.

Oh. okay. What do I do now ?
Uhmm, how about one fair deal. I will show you all the bugs I/others found in rediff and you stop using it ?

Yeah. I’m in.
Just goto Xssed.com and search for rediff. Lazy guys like me, click this.

Well, when you hate something, you’ve to accept that it got your attention in a way or other. So, you tend to think about it. I’m no excuse. Just coz, I hate rediff, I started looking for XSS (Cross Site Scripting) bugs. Well, there are a total of listed in XSSed and I found a good number to prove that rediff is a very-bad coded portal. One can view this page to see the bugs and see the elite-ness of rediff.

The important services of that are vulnerable, which are offered by rediff include its homepages and shopping. If you remember those dark old days of orkut when those so-called hackers took over communities they hate, it was done by exploiting the XSS vulnerability in orkut, that time. Now, you can understand, whoever have their homepages on rediff, or/and people who do shopping @ rediff are not using a secure service.

PS: Having XSS in a site doesn’t make it a worst site as even MS, Google, Yahoo had/have them. Even the MNC which I work for, had a similar bug in their portal, but, it was fixed as soon as they were notified through a specific channel. But, I don’t know why portals like rediff and mouthshut employ stubborn webmasters who hate to accept that their code has bugs. They must have either ignored or never read my mails.

There is one Indian Portal which writes articles like … who is the hottest item girl, Sharapova in sizzling red etc etc, but it won’t write that today (Aug 29) is National Sports Day. That is why Arjun awards as well as Khel Ratna awards are given today.

Why do we celebrate Aug 29 as National Sports Day ? It is coz, its birthday of a great guy, who can be compared to Pele, Sir Don Bradman when it comes to his particular sport. To be frank, he is considered as the greatest player ever played that game. But, it is sad that we don’t know him as much as we know Anna Kournikova or Sania Mirza even though they are mediocre in their game.

His game was superior that many people thought that he is magician. Tokyo officials broke his stick to search for magnet in it and tried to console themselves telling that he added some sort of glue. He was supposedly offered a place of Field Marshal in German Army by Adolf Hitler. Guess, you got it now. He is none other than Dhyan Chand. It is very sad that I can’t see/hear his name on any portal or a news channel today when National Sports Day is celebrated on occasion of his birthday.

To finish, He was part of India’s first three Olympics Gold winning National Hockey Team. Team India reached finals of Olympics eight times in a row and won seven Golds and one Silver. In this not-so favorite game of Indians(favorite being Cricket), India won eight Olympic Golds and Aus, with four Olympic Golds is second in the table.