forcer
OSNN Senior Addict
- Joined: 18 Oct 2002
- Messages: 413
I was checking for vulnerabilities on a server to see if I could download MP3 files without them knowing, and I was successful. I coded the script below, entered the big long URL into a box, clicked generate, and it told me the actual MP3 link.
For instance, a URL such as:
www.site.net/downloadMP3.php?tune=666%20-%20Devil%20-%20What%20the%20hell%20mix.mp3&uri=L2hvbWUwL2Rhei9wdWJsaWNfaHRtbC9tcDMvY2hvb25zLw==&id=979
would be decoded with my script and would shoot out the link:
www.site.net/mp3/choons/666 - Devil - What the hell mix.mp3
I click the link and download the MP3.
And this is the code I used:
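PHP:
<?php
// Expects the full download link in the "url" query parameter.
if (!empty($_GET['url'])) {
    $in = $_GET['url'];
    // "tune" holds the URL-encoded file name.
    $tstart = strpos($in, 'tune=') + 5;
    $tend = strpos($in, '&', $tstart);
    $tune = urldecode(substr($in, $tstart, $tend - $tstart));
    // "uri" holds the base64-encoded directory.
    $ustart = strpos($in, 'uri=') + 4;
    $uend = strpos($in, '&', $ustart);
    $uri = base64_decode(substr($in, $ustart, $uend - $ustart));
    // Skip the first 22 bytes of the decoded path and append the file name.
    $url = 'http://www.site.net' . substr($uri, 22) . $tune;
    // Escape before echoing so the decoded value cannot inject markup.
    $safe = htmlspecialchars($url, ENT_QUOTES);
    echo "<font size=\"2\" face=\"Arial, Helvetica, sans-serif\"><a href=\"$safe\">$safe</a></font>";
}
?>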
And the test was successful; the MP3 downloaded.
But for the second test we used a random number uri, meaning the download link is:
http://www.site.net/downloadMP3.php?tune=Acida%20-%20Acida.mp3&uri=loCAxc/unOdDIusitlwAAzptpfjpBrwHd&id=195
And when I put that through my script above it shoots out a link like this:
http://www.site.net¼Acida - Acida.mp3
which works, apart from it hides the directory, which is mp3/choons/, with ¼
We are still looking for a way around this.
How can this URL be decoded to display the correct URL? Any help or comments highly appreciated.
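
Added example, not part of the original post: the `uri` value in the first link is only base64, so it is an encoding of the server path rather than a protection. One way a download handler can keep paths out of the link entirely is an HMAC-signed, expiring token resolved against a server-side map; `SECRET_KEY`, `STORAGE_DIR`, `$catalog` and the function names are hypothetical.

```php
<?php
// Added example: a signed, expiring download link that carries no file path.
// SECRET_KEY, STORAGE_DIR and $catalog are hypothetical placeholders.
const SECRET_KEY  = 'replace-with-random-32-bytes';
const STORAGE_DIR = '/srv/media-private';   // assumed to sit outside the web root

// Server-side map from public id to stored file name (constructed sample data).
$catalog = [979 => 'track-979.mp3', 195 => 'track-195.mp3'];

// Build the query string for a link that is valid until $expires (Unix time).
function make_link(int $id, int $expires): string {
    $sig = hash_hmac('sha256', "$id|$expires", SECRET_KEY);
    return http_build_query(['id' => $id, 'exp' => $expires, 'sig' => $sig]);
}

// Return the absolute file path for a valid request, or null to refuse it.
function resolve_download(array $query, array $catalog, int $now): ?string {
    $id  = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT);
    $exp = filter_var($query['exp'] ?? null, FILTER_VALIDATE_INT);
    $sig = $query['sig'] ?? '';
    if ($id === false || $exp === false || !is_string($sig)) {
        return null;                        // malformed request
    }
    $expected = hash_hmac('sha256', "$id|$exp", SECRET_KEY);
    if (!hash_equals($expected, $sig)) {    // constant-time comparison
        return null;                        // id or expiry was altered
    }
    if ($exp < $now || !isset($catalog[$id])) {
        return null;                        // expired link or unknown id
    }
    // The file name comes from the server-side map, never from the client.
    return STORAGE_DIR . '/' . $catalog[$id];
}

// Demo with constructed values.
$now = 1700000000;
parse_str(make_link(979, $now + 300), $good);
$swapped = ['id' => '195'] + $good;         // id changed, signature reused
var_dump(resolve_download($good, $catalog, $now));        // valid link
var_dump(resolve_download($swapped, $catalog, $now));     // signature mismatch
var_dump(resolve_download($good, $catalog, $now + 301));  // same link after expiry
```

The handler would then stream the resolved file itself (for example with `readfile()`), so the storage directory never needs to be reachable by a direct URL.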