Re: PHP/MySQL image gallery penetration testing
From: Cory Swanson <cory () spydertechsolutions com>
Date: Thu, 25 Oct 2007 15:44:21 -0600
May I ask why one would be concerned with being able to download all 4
images from the site at once? You said that they rotate every day so
couldn't they just wait a day at a time and Right-Click / Save-As? Do
these images contain important information which someone would want to
have right away?
I'm sorry but I just can't see why this would be a vulnerability unless
you were running an image hosting site like imagevenue.com or something
and didn't want people leeching entire galleries at once and eating
Perhaps you can provide more information.
On Thu, 2007-10-25 at 18:34 +0200, Simon Jolle "sjolle" wrote:
Hi security list
At our site we have 4 images on the website (rotating every day). The
webdev department doesn't allow me access to the source (additionally I
am a non-programmer)
The URL looks like http://www.example.com/image.php?src=imagename.png, where
imagename.png is randomly generated.
What techniques can be used by an attacker to download every image? What
tools can be used to test potential vulnerabilities?
actually, I think Windows Vista has done more than virtually any OS
release to promote the use of Linux (Slashdot comment, 4. Oct 07)
Director - Spyder Technology
Office (208) 947-4693
Mobile (208) 695-5110