This is w.r.t. http://onetimeurls.databasement.net/index.php
As always, the developers think their code is bullet proof and actually it contains basic flaws. (No offence meant, I'm just being philosophical).
Here is the POC on how to break it.
Paste the following into the textarea on the above page,
And it will break the protection.
As you would have correctly guessed, the code is allowing ANY url to be used.
Solution therefore would be to use hardcoded proto://host:port.
Earlier I was trying a different approach and be on the same page.
I was trying to load "file:///c:/dummy.txt"
and hoping to get exception like
"Security error : access denied to url file:///c:/dummy.txt?rand=xyz"
Let me try some other approach and get back if I find something.
Tuesday, March 20, 2007
Posted by Kishor at 10:11 PM