24.03.17

02.05.17 17:16:00

go back

Site exploit

so i noticed a website had a serious exploit while browsing through the forum. the site in question hosts video content that are supposed to be only visible to paid members.

Edit: 2:32pm

the site doesn't have open indexes on its folders, so ill just have to write a script that follows its file name pattern.

Edit: 2:40pm

some of these file names have holidays in them. im guessing for holiday specials. ill ignore these since they're so few and manually curl them later.

Edit: 2:46pm

the script is working, curling through the file names then fwriting them to the server. i decided to open a few files that were too small to actually contain content i.e. files with the size of 287bytes.

welp. i should have added a check for 1080"p" .mp4 file names. ill have to manually curl these later too.

Edit: 2:48pm

looks like they've all curled successfully, except for the holiday/p files. now all thats left to do is get these on a hdd not located on a vps.

Total size of stolen files:

75G.