• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

finding vunerabilities

forcer

OSNN Senior Addict
#1
i was checking for vunerabilities on a server to see if i could download mp3 files without them knowing, i was successful. i coded the script below, entered the big long url into a box clicked generate and it told me the actual mp3 link.

for instance a url such as:

www.site.net/downloadMP3.php?tune=666%20-%20Devil%20-%20What%20the%20hell%20mix.mp3& uri=L2hvbWUwL2Rhei9wdWJsaWNfaHRtbC9tcDMvY2hvb25zLw
==&id=979

would be decoded with my script and would shoot out the link:

www.site.net/mp3/choons/666 - Devil - What the hell mix.mp3

i click the link and download the mp3.

and this is the code i used:
PHP:
<?php 
if ($_GET['url']) { 
    $tstart = strpos($_GET['url'], 'tune=')+5; 
    $tend = strpos($_GET['url'], '&', $tstart); 
    $tune = urldecode(substr($_GET['url'], $tstart, $tend-$tstart)); 
    $ustart = strpos($_GET['url'], 'uri=')+4; 
    $uend = strpos($_GET['url'], '&', $ustart); 
    $uri = base64_decode(substr($_GET['url'], $ustart, $uend-$ustart)); 
    $url = 'http://www.site.net'.substr($uri, 22).$tune; 
    echo "<font size=\"2\" face=\"Arial, Helvetica, sans-serif\"><a href=\"$url\">$url</a></font>"; 
} 
?>
and the test was successful the mp3 downloaded.

but for the second test we used a random number uri. Meaning the download link is:

http://www.site.net/downloadMP3.php?tune=Acida%20-%20Acida.mp3&uri=loCAxc/unOdDIusitlwAAzptpfjpBrwHd&id=195

and when i put that through my script above it shoots out a link like this:

http://www.site.net¼Acida - Acida.mp3

which works, apart from it hides the directory which is mp3/choons/ with ¼

we are still looking for a way around this.

how can this url be decoded and display the correct url. any help or comments highly appreciated
 

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,017
Latest member
bettyicrewsi