I just sent Paris Hilton a beer.

Anonymously, of course. We're not even friends. I can't see her profile. But the hotel heiress now has a Guinness courtesy of yours truly, just one more example of how certain Facebook applications can be broken with a little ingenuity. Sending Free Gifts to anyone using the application is a fun way to screw with your friends, but it's only the tip of the exploit iceberg that Facebook's applications have opened up. Here's how it works:

First, you need to grab a fun little Firefox extension called Firebug. It opens up web pages to tweaking in a variety of fun, form-intensive methods. Install the Free Gifts application on Facebook and surf on over to the sending page. Select a gift, click Anonymous, and enter the name of one of your friends in the To: field. In two separate windows, surf to Facebook yet again and pull up your friend's profile, as well as some means for finding your target's ID number (as detailed earlier). Remember your friend's Facebook ID number, and surf on back to the Free Gifts sending page.

Right-click on the Send Gift button and click Inspect Element. Then click on the Dom tab at the top of Firebug's little window. Scroll down--you're looking for the To: field. When you find it, you'll see an number. Guess what? That's the Facebook ID number of the person you entered in the To: field! Click on the number and Firebug will open up a large list of other options. Scroll down until you've found the "Value" field--it should be right below the "Type: Hidden" option. Double-click on the ID number and enter the target's Facebook ID in quotes. Hit Enter, then turn your attention to the Free Gifts sending page and hit Send Gift. Blam. One anonymous gift to someone who isn't your friend / has blocked you / whatever.

You'll go blind trying to find it, but your key to Free Gift sending is that little To field that pushes out your recipient's Facebook ID. Replace it with a new target and fire away!

That's just the tip of the iceberg, as I mentioned earlier. The Consumerist has a nice little write-up on other potential exploits, including one that allows you to set the Mood of your friends for them! That said, 2600 ran this information in their Winter Issue, so check that out for even more details! Or just surf on over to one of the original sources of the exploits, the defunct Facebook Application Smashing blog.

While Facebook itself--the service's core functions--are relatively exploit-free, mark my words: these applications will open up a world of open doors for industrious Facebook tricksters. We'll update as we find more fun things to do!