Security Basics mailing list archives
PHP/MySQL image gallery penetration testing
From: "Simon Jolle \"sjolle\"" <urandomdev () gmail com>
Date: Thu, 25 Oct 2007 18:34:19 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi security list At our site we have 4 images on the website (rotating every day). The webdev department doesn't allow me access to the source (additionally I am a non-programmer) The URL looks http://www.example.com/image.php?src=imagename.png, where imagename.png is random generated. What techniques can be used by a attacker to download every image? What tools can be used to test potential vulnerabilities? cheers Simon - -- actually, I think Windows Vista has done more than virtually any OS release to promote the use of Linux (Slashdot comment, 4. Oct 07) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHIMWEEMN/lNE/wrwRAubcAJ0UXU34ca1ijp4J5fNrgsCsDZwg7QCgh9dd WSbDPq6dZpCGCDKZTsj8tiY= =2mrF -----END PGP SIGNATURE-----
Current thread:
- PHP/MySQL image gallery penetration testing Simon Jolle "sjolle" (Oct 25)
- Re: PHP/MySQL image gallery penetration testing Cory Swanson (Oct 25)
- Re: PHP/MySQL image gallery penetration testing Simon Jolle "sjolle" (Oct 26)
- Re: PHP/MySQL image gallery penetration testing Daniel Jana (Oct 29)
- Re: PHP/MySQL image gallery penetration testing Simon Jolle "sjolle" (Oct 26)
- Re: PHP/MySQL image gallery penetration testing Cory Swanson (Oct 25)