Hacker Newsnew | comments | ask | jobs | submitlogin
0x0 519 days ago | link | parent

Glancing at the source code http://mikescoding.com/imageshack/index.phps for 30 seconds, it seems the way this works is that the uploader IP address is retrieved from some XML file on the imageshack servers. It seems every image on imageshack has a corresponding metadata XML file stored at a secret location, but the algorithm to calculate this URL was exposed during the earlier pastebin leak?


landr0id 519 days ago | link

The XML URL is calculated by taking the image's filename (minus the extension), calculating the MD5 hash of that + a static salt (which is visible in the source), then replacing the image extension with the first 10 chars of the hash + ".xml". Example [1]. What type of third party would they be giving this API to?

[1] http://img236.imageshack.us/img236/3432/as8132329zz9.d907da5...

-----

0x0 519 days ago | link

That link is 404'ing for me. Did they close this already?

-----

landr0id 519 days ago | link

They 403'd this specific link it looks like. An image I uploaded about an hour ago seems to be working still. [1] is the data it returned for the 403'd image. Here's [2] some Ruby code if you want to try it out yourself

[1] http://pastie.org/5393401 [2] http://pastie.org/5393444

-----

jimktrains2 519 days ago | link

That's what I'm guessing, but I wish the linked blog post was a bit more descriptive.

-----




Lists | RSS | Bookmarklet | Guidelines | FAQ | DMCA | News News | Feature Requests | Bugs | Y Combinator | Apply | Library

Search: