Access non-public content from Websites
Posted 09 April 2012 - 11:51 AM
I've been having a quick look at PHP because I just wanted to make my own signature rotator. But once I finished that I started to think about the things I could do with php scripts that return images.
For example, check my signature. It gets Today top poster data and makes fun of him.
I'm basicly using this function file_get_contents. Where I need the URL to get data from.
But that was easy to do since the Forum Stats are public. But if I want to get data from my profile or any other Members only section of the Forum, I can't. Since the script won't be able to access that.
Is there any way I can do it?
BTW, I first used PHP today. Still geting the hand on the sintaxis and stuff.
Posted 09 April 2012 - 12:14 PM
Posted 10 April 2012 - 02:24 AM
This has number of vulnerabilities, but overall, it's a pretty solid system. If you want to write a script that retrieves information from a page you need to be logged in to, all you really need to do is set a cookie with session ID and then run the request. Edmachine's links should help you with that. If you want to have the script log in automatically, you'll need to make sure that your script receives cookies along with the data, and keeps track of the session ID while you POST the user name and password.
By the way, a lot of forums allow session ID to be passed as GET parameter. I'm not sure about this one. You can experiment with it by disabling cookies and seeing if it works for you. However, a secure forum script will not allow you to pass session ID via GET method if you logged in with cookies. This has to do with vulnerabilities mentioned earlier.
Posted 15 April 2012 - 06:04 PM
Posted 17 April 2012 - 12:31 AM
Posted 17 April 2012 - 01:07 AM
|QUOTE (nightwalker83 @ Monday, Apr 16 2012, 20:31)|
|Wouldn't that be a huge security risk if you are accessing a protected area without entering the log-in details?|
It is, if there is any sensitive information there. Private sections of the forum, however, more often than not are kept private simply to keep undesirables out, so it's not always a big deal if these pages are getting read by someone.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users