Posted January 11, 200718 yr I figured I'd see how many people were stupid enough to link to their pictures, and thus make them public. Turns out you can find quite a few of them with google images: hxxp://www.google.com/images?svnum=50&hl=en&lr=&safe=off&q=http%3A%2F%2Fimg***.imageshack.us%2F&btnG=Search If you want to search for image files with certain chars in their filename, just add the term after the search string, like this: hxxp://img***.imageshack.us/ nudes -------------------------- inurl:".php?file=" ----------------------- inurl:".php?file=" inurl:".php?include=" inurl:".php?datei=" inurl:".php?content=" some of them are not protected against '..'. Parent Directory Example: hxxp://www.somesite.com/content.php?file=imprint.txt The content.php script calls readfile($_GET["file"]) to display files given via the file-argument from the current directory. You can easily abuse it to gain passwd: hxxp://www.somesite.com/content.php?.../../etc/passwd
January 11, 200718 yr I figured I'd see how many people were stupid enough to link to their pictures, and thus make them public. Turns out you can find quite a few of them with google images: hxxp://www.google.com/images?svnum=50&hl=en&lr=&safe=off&q=http%3A%2F%2Fimg***.imageshack.us%2F&btnG=Search If you want to search for image files with certain chars in their filename, just add the term after the search string, like this: hxxp://img***.imageshack.us/ nudes -------------------------- inurl:".php?file=" ----------------------- inurl:".php?file=" inurl:".php?include=" inurl:".php?datei=" inurl:".php?content=" some of them are not protected against '..'. Parent Directory Example: hxxp://www.somesite.com/content.php?file=imprint.txt The content.php script calls readfile($_GET["file"]) to display files given via the file-argument from the current directory. You can easily abuse it to gain passwd: hxxp://www.somesite.com/content.php?.../../etc/passwd I actually have no idea what you're saying.
January 12, 200718 yr TROLLS This could actually be useful, thanks. QFT Tom, you gonna come chill with the DVC crew for the drinking contest this Saturday? Bring some thizz pills.
January 12, 200718 yr I figured I'd see how many people were stupid enough to link to their pictures, and thus make them public. Turns out you can find quite a few of them with google images: hxxp://www.google.com/images?svnum=50&hl=en&lr=&safe=off&q=http%3A%2F%2Fimg***.imageshack.us%2F&btnG=Search If you want to search for image files with certain chars in their filename, just add the term after the search string, like this: hxxp://img***.imageshack.us/ nudes -------------------------- inurl:".php?file=" ----------------------- inurl:".php?file=" inurl:".php?include=" inurl:".php?datei=" inurl:".php?content=" some of them are not protected against '..'. Parent Directory Example: hxxp://www.somesite.com/content.php?file=imprint.txt The content.php script calls readfile($_GET["file"]) to display files given via the file-argument from the current directory. You can easily abuse it to gain passwd: hxxp://www.somesite.com/content.php?.../../etc/passwd UM HAI WELCOME TO REMOTE FILE INCLUSION 101
