On the main page, we see what seems to be a website thumbail generator. A form allows us to generate a thumbnail with the URL of our choice.
First test: failed. When we try to put the http://google.com URL, the next page shows us an error message…
Second test: we try to load a website that we owned, in order to check the access.log. Nothing, there wasn’t any connection from the thumbnail generator to our own server. The script didn’t even tried to connect to our website, which gaves us the conclusion that only a local URL should be loaded.
Others tests : we tried with http://localhost, http://localhost:8097, http://127.0.0.1 … But the tool was continuously saying that these URL weren’t allowed. And if we we’re close to something interesting?
Continue reading [Cybercamp 2015] [Web 17 – Url Thumbs] Write Up