Sunny Vaghela’s biggest claim to fame has been his discovery of the Orkut vulnerability that got him some airtime and his 15 seconds of fame. Some basic investigation led me to find an earlier advisory on the Orkut vulnerability (Net-Square Orkut advisory) released by Net-Square (Pallav Khandhar and Saumil Shah) on January 31, 2007, a good 9 months ahead of Vaghela’s claim of discovery of the same. Not just that, Susam Pal and his colleague Vipul Agarwal again wrote about the same vulnerability (Orkut Server Side Session Management Error) on June 22, 2007, giving due credit to Net-Square.
There is, of course, the possibility, however small, that Sunny Vaghela did independently discover this bug well after it was found by Net-Square and that he is unaware of the discovery by Net-Square. And we could give him the benefit of the doubt for the same.
Sunny Vaghela has earned the distinction of being the third Indian to feature on the attrition.org Charlatan list, right after Ankit Fraudia and Sahil Khan, not very great company to keep.
Susam Pal has also written about the same on his blog (The Orkut exploit). He has also posted the emails exchanged between him and me.