Photos of vk user. How to view hidden photos on VKontakte. Search by images from Yandex

There are many publics on VKontakte, such as: 90-60-90, 40 KG, Sports girls. In these public pages, users post photos of their figures, photographs "before" and "after" diet / exercise, and more. The total number of photographs in the albums of these groups sometimes exceeds tens of thousands. Laying out photos, many do not think about the consequences, naively believing that if you throw your photo into thousands of similar ones, then no one will find it. The process of searching for photos of a specific user in groups is described under the cut.

Formulation of the problem

1. uid - VK user ID
2. gid - VK group ID

It is necessary:

1. Find all photos of user uid posted in group gid
2. Determine which album each photo is in

API VK

There is no method in contact to directly obtain photos published by a specific user in a specific group. However, you can achieve the desired result according to the following scheme:
1. Get the list of albums using the photos.getAlbums method:

VK.api ("photos.getAlbums", (gid: gid), function (result) (if (result.response) (// The list of albums is in the result.response array // The album ID is in the aid field) else (/ / Failed to get the list of albums)));

2. Get a list of photos in the album (aid) using the photos.get method:

VK.api ("photos.get", (gid: gid, aid: aid), function (result) (if (result.response) (// The list of photos is in the result.response array // The photo owner's ID is in the field owner_id // The photo ID is contained in the pid field) else (// Failed to get the list of photos in the album)));

3. Get the URL of the photo using the photos.getById method

VK.api ("photos.getById", (photos: pids), function (result) (if (result.response) (for (var i \u003d 0; i

How to speed up your search?

Going through all the groups is a rather lengthy process and launching it every time you search for a photograph of a specific person is not advisable. To speed up the search, it is enough to index all the photos by adding the index to the internal table.
It is enough to contain 3 fields in the table:

• uid - user ID
• gid - group ID
• pid - photo ID

After indexing the groups, just run the query

SELECT * FROM table WHERE uid \u003d uid

Find friends photos

Using the friends.get method, you can get a list of friends, and then search the database to get photos of friends:

VK.api ("friends.get", (user_id: uid), function (result) (if (result.response) (// Next, we search for photos by friends ID)));

Links

• Site for searching photos: photovk.ru
• VK application for searching photos:

It is difficult to find a computer user who would not have heard or registered in the VKontakte social network. Internet communication has captured modern people so much that without them we can no longer imagine our leisure time, and what is there, in general, our life. Having your own VK page, you involuntarily notice a lot of nuances that this resource is fraught with, but not all of them are easy to cope with. For many users, all these subtleties and wisdom cause difficulties, so you cannot do without outside help.

For example, there are many questions about how hidden photos are on VKontakte. But it so happens that, and you desperately need to see his pictures. I will not talk about the ethical side of this intention, but I will offer you a method that may help.

How to hide photos

Before going directly to the topic of this article, I would like to remind you how you can hide your photos. I think that such information will be interesting to many, and those who already own it can refresh their knowledge. So, this is the case:

1. Go to VKontakte, having previously entered your personal login information.
2. In the left part of the window, find the line "My settings", click on it.
3. Next, open the "Privacy" tab.
4. There will be a list of settings that you can change to your liking. Here you can also,. Among them, find "Who sees the photos on which I was tagged." Nearby there is a drop-down list that allows you to select the circle of people who will see your photos. So, you can choose "Friends only" or hide pictures from everyone altogether by clicking "Just me".

After these settings, the changes take effect immediately.

How to view hidden photos

Now, in fact, to the main question: how to view photos of people who have restricted access? There is no direct answer to this question, because the VK administration assumes that someone else's privacy should be respected. However, if the situation is such that there are no options, I suggest you use this option.

I would like to draw your attention to the fact that this method is not approved by the VK administration, so it may stop working at any time. There is no one-size-fits-all recipe, so don't put too much hope. Anyway, good luck!

Many users restrict access to viewing their photos using. Or such an option is possible when the albums are not published on the page - you just do not know how to enter them (see).

But I really want to see what the user has hidden. Let's figure it out how to view hidden photos of VKontakte.

We use the page id to view hidden photos

Go to the page to the desired user, and copy his id from the address bar (see).

In the event that there is no digital id value, and instead of it the nickname selected by the user is indicated, then you need to do the following.

You need to go to view any part of the user profile. The easiest way is to open an avatar.

Now go back to the address bar. Find the next part of the code "z \u003d photo233054".

The numbers after the word "photo" are id. In this case, this is such a value - 233054. Now let's move on to the next step.

How to view closed photos and VKontakte albums

If you look at the page of the user whose id we just received, you will see that only one photo is available for viewing. And there is no “Photo Albums” block. So all photos and albums are hidden (see).

So let's see them already. To do this, go to the address bar again, and type the following text:

Https://vk.com/albums***

As you can see, there are over 500 photos here.

There is an alternative code. Here he is:

Https://vk.com/id***?z\u003dalbums***

Enter it into the address bar, and instead of asterisks, write id again. Then "Enter". The result will be the same.

February 10, 2016 at 03:23 PM

VKontakte vulnerability: access to photo previews from dialogs and hidden albums of any user

Short

A vulnerability was discovered in the mobile version of the vk.com website. It allowed viewing previews of hidden photos, including photos from user dialogs, plus it was possible to get information about users who liked this hidden photo. At the moment, the vulnerability is gone - it was fixed six months ago. VKontakte expressed gratitude in the amount of $ 700 (no, not in votes).

How it all began

During the session, you are distracted by everything, just not to prepare for exams. So, when I saw about the Bug Bounty program from VKontakte on hackerone.com, instead of preparing for exams, I began to look for vulnerabilities. For some reason, I immediately felt the urge to look for vulnerabilities associated with photographs with hidden privacy settings, and as it turned out, it was not in vain.

Search for vulnerabilities on the full version of the site

Assuming that I knew the id of the hidden photo (about finding it, see below), I started trying to substitute this id in all sorts of curl requests - I tried to save hidden images to my album, tag myself on them, like, repost, etc. nothing gave a positive result until I tried to just send a hidden photo to my wall. The result was strange - the request returned the correct result in the console and a new post appeared on the wall, but its content was empty. No matter how hard I tried, everything was suppressed on the server attempts to send a hidden photo to the wall - the posts were empty.

Switching to mobile version

Then, I remembered this comment and decided to try to do the same in the mobile version of the site.

We send a photo to the wall:

Curl "http://m.vk.com/wall53083705" -H "Cookie: remixsid \u003d # remixsid" --data "act \u003d post & hash \u003d # hash & attach1_type \u003d photo & attach1 \u003d idOwnerPhoto_idHiddenPhoto" # id of the photo consists of two parts separated by an underscore id OwnerPhoto_idHidden
This request was not executed correctly, but after refreshing the page, I was surprised to find that an attached miniature copy of the photo appeared on the submission form.

The maximum photo size is 130x130, but this is enough to, for example, recognize faces in a photo. Attempts to get a link to the full photo have come to nothing. Apparently, after closing this vulnerability, direct links to the full size cannot be simply obtained from the mobile version of the site.

Going through photos

Vulnerability found. To exploit the vulnerability found, you need to get the id of the photo being attacked.

The photo ID consists of two parts: photo12345_330000000 (Owner_id_idPhoto), the second part - grows from photo to photo, but this is not a normal auto-increment. Since the algorithm for choosing a step is unknown, we will iterate through it with step 1.

To iterate over, we will use the api method photos.delete ... This method for all existing photos (including hidden ones) will return error_code: 15. And for all non-existent id photos, one will be returned.

Search speed

Learn how to quickly cycle through your photos in this article. Yes, the data in it is not the newest, but even if we take into account that the number of photos has doubled over the year, the search time is still acceptable.

to find out direct links to the user's photos, for example, for the last year, you need to sort out only 30 million (from _320000000 to _350000000) different variations of links

Taking advantage of the search accelerations from the specified article, the user's photos could be enumerated:

in 1 minute to get all your photos of yesterday, in 7 minutes - all photos uploaded last week, in 20 minutes - last month, in 2 hours - last year.

Screening open / hidden

Having received links to all (both hidden and open) photos of the user, you can select only hidden ones by trying to get information about the photo using the photos.getById method. Those photos, information about which is not returned by this method, are hidden.

Information about users who liked

It was also possible to recognize users who liked the hidden photo. The likes.getList method returned all users who added the given object to their list I like, even if this object is hidden for the user running this method.

Report on hackerone

My report was opened in June. We closed the vulnerability after two and a half months without telling me anything. A month later, I received a reply that the vulnerability was confirmed and closed. And after a while I received a reward.

P.S .: for those who are trying to withdraw rewards from hackerone.com to a new paypal account for the first time, I advise you to carefully read the terms. Paypal, when transferring funds, may, without your consent, convert the remuneration into the currency of the country specified in your profile.

Today we will tell you, dear readers, about one extremely unusual feature that is present in VK - the search for similar photos, when you can find users who have the same image uploaded in their profile.

Why is this necessary, you ask? There are two main reasons.

• First. By searching for duplicate images, you can always find (or not find) the person who uses your photos. In other words, you can find your own clones.

• The second reason. Let's say you need to find a person, and you only have a photograph of him. With its help, you can use the search for pictures in VK and, quite possibly, you will find the person you are looking for.

It is worth noting that there are a lot of photo search services, for example, the same Google has it, but in this case the search is carried out not all over the Internet, but only on VKontakte.

We are looking for a user by the picture

Let's start searching. Let's say we need to find clones or users who have a certain photo loaded.

The first step is to open the picture we are looking for. If it is not uploaded to your photo album, upload it.

Open the picture, for example:

We look at the address bar of the browser. You should see an address that looks like this: https://vk.com/photo********_384******... Under the stars photo ******** yours is hiding, and the numbers 384****** that are after the underscore is the photo number. Copy this address, but without https://vk.com/, that is, you should get photo ******** _ 384 ******.

We close the tab or leave it open and open a new one, go to the VK page and select the "My news" section in the menu. You will see a news feed:

If next to the "Ribbon" subsection is the "Photos" item, skip this step. If the item is missing, click on the cross and add the item "Photos".

Click on the item "Photos". The search bar "Search by Photos" appears.

We write a word in a line copy: and add a link to the photo that we copied earlier, that is, you should get something like this: copy: photo ******** _ 384 ******... Please note that the asterisks are just an example, below them are the id and serial number of the photo! For example, if we take a certain photo of Pavel Durov for the search, then in the line we need to write, for example, copy: photo1_327778612, where photo1 is the user id (Durov in this case), and 327778612 is the serial number of the photo. Then press the Enter key.

In our case, we managed to find 7 identical photographs.

If you click on each of them, you can see which user or in which public the image was uploaded. Probably, the search is carried out only on those photos that are in the public domain. We did not manage to find pictures closed from viewing.