Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
DenKapone2017-11-02 10:54:50
In contact with
DenKapone, 2017-11-02 10:54:50

Any photos of VK are available just by the link?

Probably a hackneyed question, but I just noticed that all VK photos are available simply by link, that is, they are distributed as static, not a script, and all the privacy of a photo comes down to just an unknown link to a specific photo? That is, if we assume that there are no restrictions on circulation on the server with photos, then theoretically, by brute force selections, you can get all the images? It just became interesting, I'm not registered in other social networks, this is a common practice for social networks and similar typical resources, why not with a script, because of the performance costs?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
T
TopestKek, 2017-11-02
@TopestKek

Well, let's count.
https://pp.userapi.com/c841420/v841420082/384c4/vn...
I took a random picture. Suppose that all data in the address can change and take on any value from az, AZ, 0-9. Those. 1 character can have 26*2+10=62 values. In total, we have 33 characters in the c841420v841420082384c4vnjDP3Ol3SM string. So the possible number of values ​​is 62^33 = 1.4E59.
Read about UUID https://ru.wikipedia.org/wiki/UUID. Then see that we have a number 10 ^ 21 times larger.
I don't think there's anything to worry about in this situation.

Report
V
vitaliy2, 2017-11-02
@vitaliy2

It's impossible to sort out the link. If you have the link, then you had access to the photo. And since there was access, then you could save the photo to your computer without any links.
Bottom line: there is no vulnerability.
PS. To enumerate the entire database, you need to enumerate approximately 64^11 * 16^5 * 10^9 * ~10^5 = 7.73 * 10^39 options. If you sort through 100 million per second, then it will take 2453426 320882048 046080519 years (2 septillion years, i.e. 2453 sextillion or 2453426 quintillion).

Report
P
Puma Thailand, 2017-11-02
@opium

You will never have enough
resources to sort out the range

Report
A
Alex Glebov, 2017-11-11
@SkiperX

Imagine that there is a username and password
Reliable?
only here they do not need to be entered, but they are sewn into a link.

pp.userapi.com/c639126/v639126943/5a0a7/qh0SkDx5ulA.jpg

Similar questions
R
Roman Rakzin2016-02-21 01:02:33
How to merge user accounts on the site / VKontakte / Facebook? 2Reply
K
kolomiec_artiom2020-07-06 11:37:00
How to load default profile in Selenium Chrome? 1Reply
F
fiadm2016-02-22 09:53:16
How to remove email request in vk iframe application? 4Reply
O
Outoverlay2016-02-24 21:38:34
Uploading photos to the VK server? 1Reply
D
djrudance2016-02-25 16:18:20
How to make a scrobblink? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question