i m going to tak abt a major security bug in facebook

in facebook the profiles can be determined by your profile ids stored in the db of facebooks db server.
generally it is in the format of

http://www.facebook.com/profile.php?id=xxxxxxxxxxxx

well this xxxxxxxx or something is your profile id in the db.

now lets get onto the point. what if someone have blocked to view some of his/her pictures
well this is a profile id of a girl that i got on facebook
well for the girl i m so sorry

ok this is the url

http://www.facebook.com/profile.php?id=100000604687083

she allowed to view the uploaded pics

but

she has blocked the public from seeing her tagged pics

and well well well; but one thing she forgot to change the wall post privacy settings

and i got the wall posting

now guess what

she was tagged in some pictures and i tried to view them(well this girl is really cute)

now take a look at the url of the tagged pictures

http://www.facebook.com/photo.php?pid=262188&id=100000462027298

just try this url and u will get the pics

the above url reffered to some one else's profile.
now compare both of the urls. further research is going on.i will tell you if i get something else.

and if anyone is intrested in hacking and some stuffz like tat......lemme know...thanks....more next time.....bye...have a nice surfing....happy hacking