Network Security: Detailed info on PHP/MySQL image gallery penetration testing

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Security-Basics

[Top] [All Lists]

PHP/MySQL image gallery penetration testing

from [Simon Jolle \"sjolle\"] Network Security

[Permanent Link]

Subject:	PHP/MySQL image gallery penetration testing
Date:	Thu, 25 Oct 2007 18:34:19 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi security list

At our site we have 4 images on the website (rotating every day). The
webdev department doesn't allow me access to the source (additionally I
am a non-programmer)

The URL looks http://www.example.com/image.php?src=imagename.png, where
imagename.png is random generated.

What techniques can be used by a attacker to download every image? What
tools can be used to test potential vulnerabilities?

cheers
Simon

- --
actually, I think Windows Vista has done more than virtually any OS
release to promote the use of Linux (Slashdot comment, 4. Oct 07)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHIMWEEMN/lNE/wrwRAubcAJ0UXU34ca1ijp4J5fNrgsCsDZwg7QCgh9dd
WSbDPq6dZpCGCDKZTsj8tiY=
=2mrF
-----END PGP SIGNATURE-----

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
PHP/MySQL image gallery penetration testing, Simon Jolle \"sjolle\" <= Re: PHP/MySQL image gallery penetration testing, Cory Swanson Re: PHP/MySQL image gallery penetration testing, Simon Jolle \"sjolle\" Re: PHP/MySQL image gallery penetration testing, Daniel Jana

Previous by Date:	Re: Re: NAT external/Public IP, proneetb
Next by Date:	Re: NAT external/Public IP, Brett
Previous by Thread:	Web vs. email vulnerability, SANDER SMITH
Next by Thread:	Re: PHP/MySQL image gallery penetration testing, Cory Swanson
Indexes:	[Date] [Thread] [Top] [All Lists]