This is a small security bug,
but it basically doesn't do any damage.
As you know, some people put a wait time on it to prevent downloads (up to 180 seconds on some sites).
Now the small bug I found, and if I am not wrong it applies to every preview mod:
in my case the MP3 preview mod,
in other cases the video preview mod.
The security bug I found is that if you take a look at the source code, you can find the direct link.
As an example:
http://download.boosterking.com/files/1 ... umln98.mp3
That's what I get when I do a preview of this link:
http://www.boosterking.com/rsl9w9umln98 ... _.mp3.html
Of course you don't see a title on it, and it is just numbers for security,
but you can download it from there, and probably at max speed too (it bypasses dl.cgi, so the speed limit is bypassed too).
I'd like to ask if it is possible to encode that in base64 or so, so the link is not that easy to find.
Thank you
Greets From PowerChaos
XFileSharing Pro - security bug (small 1 )
This is not a bug and it does not bypass download limits. It's impossible to fully hide the location.
If you have your own servers you might consider encoding the media files to a smaller format for preview only. This way people are not able to get the full file before they clicked "Generate Link".
Also, the wait time can be easily bypassed too.
It's possible to encode them to base64 or so (base64 is PHP :s),
so they only see a coded link, so they can't download it.
There is always some security stuff in it,
and making a small preview of it is just wasting space ^^
If there are other solutions for it then I prefer them.
Not that I care about whether they do it or not (if they do then they feel the real server power, see it that way),
but I just wanted to let you know about that, so it can maybe be fixed.
Greets From PowerChaos
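
An added example, not part of the original posts and not XFileSharing code: it contrasts base64 on the direct link, which anyone reading the page source can reverse, with a keyed, expiring token that a file server can check before serving the file. The secret, paths, IP addresses and function names are assumptions constructed for the illustration.

```python
import base64
import hashlib
import hmac

# Assumption: a secret known only to the web and file servers (constructed value).
SECRET = b"constructed-demo-secret"


def obscure(url: str) -> str:
    """Base64 the direct link before writing it into the page source."""
    return base64.b64encode(url.encode()).decode()


def recover(blob: str) -> str:
    """What any visitor can do: base64 has no key, so decoding is enough."""
    return base64.b64decode(blob).decode()


def make_token(path: str, client_ip: str, expires: int) -> str:
    """Bind the file path, the requesting IP and an expiry time to a keyed MAC."""
    msg = f"{path}|{client_ip}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def verify(path: str, client_ip: str, expires: int, token: str, now: int) -> bool:
    """Check the file server would run before streaming any bytes."""
    if now > expires:
        return False  # link has expired
    expected = make_token(path, client_ip, expires)
    # Constant-time comparison, so the check does not leak how much matched.
    return hmac.compare_digest(expected.encode(), token.encode())


if __name__ == "__main__":
    url = "http://files.example.test/files/1/abc123.mp3"  # constructed sample
    print("base64 reversed without a key:", recover(obscure(url)) == url)
    path, ip, now = "/files/1/abc123.mp3", "203.0.113.7", 1_700_000_000
    tok = make_token(path, ip, now + 60)
    print("fresh link, same client:", verify(path, ip, now + 60, tok, now))
    print("same link, other client:", verify(path, "198.51.100.9", now + 60, tok, now))
    print("same link after expiry:", verify(path, ip, now + 60, tok, now + 61))
```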