Home page logo
/

basics logo Security Basics mailing list archives

PHP/MySQL image gallery penetration testing
From: "Simon Jolle \"sjolle\"" <urandomdev () gmail com>
Date: Thu, 25 Oct 2007 18:34:19 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi security list

At our site we have 4 images on the website (rotating every day). The
webdev department doesn't allow me access to the source (additionally I
am a non-programmer)

The URL looks http://www.example.com/image.php?src=imagename.png, where
imagename.png is random generated.

What techniques can be used by a attacker to download every image? What
tools can be used to test potential vulnerabilities?

cheers
Simon

- --
actually, I think Windows Vista has done more than virtually any OS
release to promote the use of Linux (Slashdot comment, 4. Oct 07)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHIMWEEMN/lNE/wrwRAubcAJ0UXU34ca1ijp4J5fNrgsCsDZwg7QCgh9dd
WSbDPq6dZpCGCDKZTsj8tiY=
=2mrF
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]