Must... resist... changing... URL



  • Today, when downloading a PDF document from the website of a major European transportation company, I found this, well, tempting URL (a bit anonymized):

    http://www.aaaaa.aa/aa/BlobServer?blobtable=Download&blobcol=urldownload&blobheader=application/pdf&blobkey=id&blobwhere=1148305352829&ssbinary=true&filename=file.pdf

    Does that URL scream "try to change me!" or not?

    Possibly, it's secured by some sort of whitelist, but I doubt it :) I probably should inform them about it, but there has been more than one case here of people having their computers confiscated by the police for "hacking" when informing companies about possible security problems :(
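    To illustrate why a URL of that shape invites tampering, here is an added example in Python; it is not code from the original post, and it says nothing about what the company's actual BlobServer does. The handler, table and column names, the record key and the PDF bytes are all constructed for the example. The naive handler passes blobtable, blobcol, blobkey and blobwhere straight into a query, so a visitor can pick any table and column, while the second handler applies the kind of whitelist the post speculates about, parameterizes the key and sanitizes the filename parameter.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed in-memory stand-in for a blob store behind a BlobServer-style
# endpoint. The "users" table exists only to show what tampering can reach.
def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Download (id INTEGER PRIMARY KEY, urldownload BLOB);
        CREATE TABLE users (id INTEGER PRIMARY KEY, password_hash TEXT);
        INSERT INTO Download VALUES (1148305352829, X'255044462D312E34');  -- b"%PDF-1.4"
        INSERT INTO users VALUES (1, 'not-a-real-hash');
    """)
    return db


def fetch_blob_naive(db, blobtable, blobcol, blobkey, blobwhere):
    # Hypothetical weak handler: every identifier and the value come from the
    # URL, so the caller chooses table, column, key column and key value.
    sql = f"SELECT {blobcol} FROM {blobtable} WHERE {blobkey} = '{blobwhere}'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


# Hardened version: the only (table, column) pairs this endpoint may serve,
# a fixed key column, and the key value bound as a parameter.
ALLOWED_BLOBS = {("Download", "urldownload")}
KEY_COLUMN = "id"


def fetch_blob_safe(db, blobtable, blobcol, blobkey, blobwhere):
    if (blobtable, blobcol) not in ALLOWED_BLOBS or blobkey != KEY_COLUMN:
        return None
    try:
        key = int(blobwhere)          # the key is numeric; anything else is rejected
    except ValueError:
        return None
    # Identifiers are taken from the allow-list, never from the request.
    sql = f"SELECT {blobcol} FROM {blobtable} WHERE {KEY_COLUMN} = ?"
    row = db.execute(sql, (key,)).fetchone()
    return row[0] if row else None


# The filename parameter should only ever reach a Content-Disposition header
# or a lookup in a fixed directory; allow a plain basename, nothing else.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def download_filename(filename: str, default: str = "file.pdf") -> str:
    if SAFE_NAME.match(filename) and ".." not in filename:
        return filename
    return default


def handle_safe(db, query_string: str):
    """Serve a request for the hardened endpoint: (status, filename, body)."""
    q = {k: v[0] for k, v in parse_qs(query_string).items()}
    blob = fetch_blob_safe(
        db,
        q.get("blobtable", ""),
        q.get("blobcol", ""),
        q.get("blobkey", ""),
        q.get("blobwhere", ""),
    )
    if blob is None:
        return 404, None, None
    return 200, download_filename(q.get("filename", "")), blob


if __name__ == "__main__":
    db = make_db()
    original = ("blobtable=Download&blobcol=urldownload&blobheader=application/pdf"
                "&blobkey=id&blobwhere=1148305352829&ssbinary=true&filename=file.pdf")
    tampered = "blobtable=users&blobcol=password_hash&blobkey=id&blobwhere=1&filename=x"
    print(fetch_blob_naive(db, "users", "password_hash", "id", "1"))  # leaks the hash
    print(handle_safe(db, original))
    print(handle_safe(db, tampered))
```

    The naive handler is also open to a quoted key value such as `0' OR '1'='1`, which turns the WHERE clause into a tautology; the hardened one rejects it at the `int()` conversion before any SQL is built.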



  • @obs said:

    Possibly, it's secured by some sort of whitelist, but I doubt it :) I probably should inform them about it, but there has been more than one case here of people having their computers confiscated by the police for "hacking" when informing companies about possible security problems :(

    The Real WTF(tm) is that you are so intimidated by draconian European computer security laws that you won't even tinker with a URL...



  • "Everybody lie. The guilty lie because they have to. The innocent because they don't want to be accused of something they didn't do."

    A sad truth. 



  • @djork said:

    @obs said:

    Possibly, it's secured by some sort of whitelist, but I doubt it :) I probably should inform them about it, but there has been more than one case here of people having their computers confiscated by the police for "hacking" when informing companies about possible security problems :(

    The Real WTF(tm) is that you are so intimidated by draconian European computer security laws that you won't even tinker with a URL...

    http://news.zdnet.co.uk/leader/0,1000002982,39226981,00.htm




  • "directory traversal attack" is the most WTF thing I have ever heard.

    It's about as good security as a warning saying "DO NOT EDIT ANY PAGES ON THIS SITE IF YOU ARE NOT THE ADMIN."



  • A short Google search for this URL also turns up other sites. Maybe the word "table" does not really mean an SQL table here. http://freshmeat.net/projects/drbs/

