security bug (small 1 )

 
SibSoft Ltd Forum Index -> XFileSharing Pro
PowerChaos



Joined: 19 Dec 2009
Posts: 404
Location: Belgium

Posted: Feb 26, 2010 9:00 pm    Post subject: security bug (small 1 )

this is a small security bug

but it doesn't do any damage basically

as you know, some persons put a wait time on it to prevent download (up to 180 seconds on some sites)

now the small bug i found, and if i am not wrong it counts for every preview mod

in my case the mp3 preview mod

in other cases the video preview mod


the security bug i found is that if you take a look at the source code you can find the direct link

as example

http://download.boosterking.com/files/1/qlf3ypgky7sfs9/rsl9w9umln98.mp3

that's what i get when i do a preview of this link
http://www.boosterking.com/rsl9w9umln98/money_money_money_-_BoosterKing_-_.mp3.html

of course you don't see a title on it and it is just numbers for security
but you can download it from there and probably on max speed too (it bypasses dl.cgi so the speed limit is bypassed too)

i would like to ask if it is possible to encode that in base64 or so, so the link is not that easy to find

Thank you
Greets From PowerChaos
komi



Joined: 27 Nov 2009
Posts: 159

Posted: Feb 26, 2010 9:17 pm

This is not a bug and it does not bypass download limits. It's impossible to fully hide the location.

If you have your own servers you might consider encoding the media files to a smaller format for preview only. This way people are not able to get the full file before they click "Generate Link".

Also, the wait time can be easily bypassed too.
PowerChaos



Joined: 19 Dec 2009
Posts: 404
Location: Belgium

Posted: Feb 26, 2010 9:28 pm

it's possible to encode them to base64 or so (base64 is php :s)

so they only see a coded link so they can't download it

there is always some security stuff in it
and making a small preview of it is just wasting space ^^

if there are other solutions for it then i prefer them
not that i care whether they do it or not (if they do then they feel the real server power :P, see it that way)

but i just wanted to let you know about that, so it can maybe be fixed

Greets From PowerChaos
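
Added example, not part of the thread and not XFileSharing's own code: it contrasts the base64 idea discussed above, which any visitor can reverse, with a link carrying an expiring HMAC tag that the file server checks before serving. The function names, the `e` and `t` query parameters, the key, the path and the IP addresses are all assumptions made up for the illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a key known only to the web front end and the file server.
SECRET = b"constructed-demo-key"

def b64_hide(path):
    """The idea from the thread: encode the path. No secret is involved."""
    return base64.urlsafe_b64encode(path.encode()).decode()

def b64_reveal(blob):
    """Anyone reading the page source can run this and recover the path."""
    return base64.urlsafe_b64decode(blob).decode()

def _tag(path, client_ip, expires):
    msg = f"{path}|{client_ip}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def sign_link(path, client_ip, ttl=300, now=None):
    """Front end: issue a link tied to this path, client IP and expiry time."""
    expires = int(time.time() if now is None else now) + ttl
    return f"{path}?e={expires}&t={_tag(path, client_ip, expires)}"

def verify_link(url, client_ip, now=None):
    """File server: refuse to serve unless the tag matches and is unexpired."""
    path, _, query = url.partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    try:
        expires = int(params["e"])
    except (KeyError, ValueError):
        return False
    if (time.time() if now is None else now) > expires:
        return False
    expected = _tag(path, client_ip, expires)
    return hmac.compare_digest(expected.encode(), params.get("t", "").encode())

if __name__ == "__main__":
    p = "/files/1/EXAMPLE/sample.mp3"      # constructed path
    print(b64_reveal(b64_hide(p)))          # base64 gives the path straight back
    link = sign_link(p, "203.0.113.5")      # documentation-range IP
    print(verify_link(link, "203.0.113.5"), verify_link(link, "198.51.100.7"))
```

The signed link is still visible in the page source; what changes is that a copied link stops working after the expiry time or from another address.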
All times are GMT