In other words, you will often see this in hand-written web applications:
https://www.example.com/webapp/getfile.php?fileid=5121
This is obviously better than having file="\path\to\file.txt", but at least 90% of the time there is no access control on fileid, and every user can browse every other user's files by simply incrementing and decrementing 5121 to 5122, 5123, etc.
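The missing check, next to a version that enforces ownership, as an added example (not code from the original post). The file table, user names and function names are constructed for illustration; a real application would read the records from its database and the user from its session.

```php
<?php
// Constructed sample data: file records keyed by id, each with an owner.
$FILES = [
    5121 => ['owner' => 'alice', 'name' => 'alice-invoice.pdf'],
    5122 => ['owner' => 'bob',   'name' => 'bob-payslip.pdf'],
];

// The pattern described above: any fileid that exists is served to whoever asks.
function getFileUnchecked(array $files, string $rawId): ?array
{
    return $files[(int)$rawId] ?? null;
}

// Hardened form: validate the id, then require that the record belongs to the
// user taken from the server-side session, never from the request.
function getFileChecked(array $files, string $sessionUser, string $rawId): array
{
    if (!ctype_digit($rawId)) {
        return ['status' => 400, 'file' => null];
    }
    $file = $files[(int)$rawId] ?? null;
    // Same 404 for "does not exist" and "belongs to someone else", so the
    // response does not reveal which ids are in use.
    if ($file === null || $file['owner'] !== $sessionUser) {
        return ['status' => 404, 'file' => null];
    }
    return ['status' => 200, 'file' => $file['name']];
}

// alice is logged in; the ids are the ones from the example URL plus a
// non-numeric value.
foreach (['5121', '5122', '5123', 'abc'] as $id) {
    $unchecked = getFileUnchecked($FILES, $id);
    $checked = getFileChecked($FILES, 'alice', $id);
    printf("fileid=%-5s unchecked=%-18s checked=%d\n",
        $id, $unchecked['name'] ?? '(none)', $checked['status']);
}
```

A run of 404 responses for sequential fileid values from one session is also a useful signal to log and alert on.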
I have included an explanatory video of this amazingly complex hack below! :>