Hacker News new | comments | show | ask | jobs | submit login

Glancing at the source code http://mikescoding.com/imageshack/index.phps for 30 seconds, it seems the way this works is that the uploader IP address is retrieved from some XML file on the imageshack servers. It seems every image on imageshack has a corresponding metadata XML file stored at a secret location, but the algorithm to calculate this URL was exposed during the earlier pastebin leak?



The XML URL is calculated by taking the image's filename (minus the extension), calculating the MD5 hash of that + a static salt (which is visible in the source), then replacing the image extension with the first 10 chars of the hash + ".xml". Example [1]. What type of third party would they be giving this API to?

[1] http://img236.imageshack.us/img236/3432/as8132329zz9.d907da5...


That link is 404'ing for me. Did they close this already?


They 403'd this specific link it looks like. An image I uploaded about an hour ago seems to be working still. [1] is the data it returned for the 403'd image. Here's [2] some Ruby code if you want to try it out yourself

[1] http://pastie.org/5393401 [2] http://pastie.org/5393444


That's what I'm guessing, but I wish the linked blog post was a bit more descriptive.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: