curl-library
Re: Resolve file location
Date: Wed, 23 Jul 2008 12:58:36 -0500
On Wed, Jul 23, 2008 at 12:34 PM, Blue Hawk <bluehawk204_at_hotmail.com> wrote:
> I am curious how a particular site works. Its main page is
> http://site.com/page.php
> when i visit a page its
> http://site.com/page.php?id=123456
>
> Then, when i download a file or image its
> http://site.com/dl.php?id=123456&start=1
>
> I looked at the html of the page and the images seem to be in sub
> directories. But the image that the id point to isnt. I tried getting the
> header (no need to login which is nice. I did this while killing time before
> my other question was answered) and i recieved the below. How is the image
> or file being stored and is there a way i can resolve its location? (school
> isnt in, so it cant be homework ;))
>
> I am hoping the files arent stored in a DB. Somehow i dont think it is, but
> it could be possible. I thought the header would redirect me to the file but
> it didnt.
> ----------------------
> HTTP/1.1 200 OK
> Date: Wed, 22 Jul 2008 15:30:28 GMT
> Server: Apache/1.3.39 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2
> mod_bwlimited/1.4 PHP/4.4.7 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.30
> OpenSSL/0.9.7a
> X-Powered-By: PHP/4.4.7
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
> pre-check=0
> Pragma: no-cache
> Content-Disposition: attachment; filename="the_file_name.ext"
> Transfer-Encoding: chunked
> Content-Type: video/TYPE_BASED_ON_FILE
>
The php scripts could be doing literally *anything*.
For example, somewhere around here I have a php script that creates buttons
out of thin air. I can embed an image tag like this in an html page:
<img src=
http://server.domain.com/button.php?size=12&font=times.ttf&logo=some+text>
When a web browser hits that tag, the server creates a PNG and sends it
right back. The button image is never stored anywhere on the server.
Bottom line is, you may have to see the php script to find out where the
images are stashed. If you're lucky, it could be somewhere in the server's
document tree. If not, it could be making stuff up as it goes along, or it
could be looking somewhere outside the server document tree...
Ralph Mitchell
Received on 2008-07-23