-- Posted by hawtshawty at 10:39 am on Aug. 20, 2008 Is there really a way to view   a private photobucket ?   because last night i was on   this forum and this guy exposed all my private photobucket   pictures straight from my album it had my url and   everything and my album is set to PRIVATE wtf ?? -- Posted by Seani at 10:40 am on Aug. 20, 2008 There's ways around everything. -- Posted by Stand Up at 10:41 am on Aug. 20, 2008 There's a way. =/ But It's like with a program and all. Are you sure it's private? -- Posted by itbeme at 10:41 am on Aug. 20, 2008 i dont think there's a way, maybe he found out your password? -- Posted by Praise the Lard at 10:41 am on Aug. 20, 2008 if it's on the internet it can be access by anyone theoretically -- Posted by hawtshawty at 10:41 am on Aug. 20, 2008 Quote: from iJeannie at 10:41 am on Aug. 20, 2008 There's a way. =/ But It's like with a program and all. Are you sure it's private? yeah its private i double checked and everything this sux -- Posted by Pardon my French at 10:43 am on Aug. 20, 2008 Quote: from iJeannie at 10:41 am on Aug. 20, 2008 There's a way. =/ But It's like with a program and all. Are you sure it's private? A program you say... sounds technical. You sound like you know all about it. I think you are a smart girl because you know about, like, programs and stuff. Maybe could you hack my ex-girlfriends email? I tried but the password is really tough. I'm sure that with, like, a program, it would be really easy for a computer genius such as yourself to figure out. -- Posted by Stand Up at 10:51 am on Aug. 20, 2008 Quote: from Pardon my French at 1:43 pm on Aug. 20, 2008 Quote: from iJeannie at 10:41 am on Aug. 20, 2008 There's a way. =/ But It's like with a program and all. Are you sure it's private? A program you say... sounds technical. You sound like you know all about it. I think you are a smart girl because you know about, like, programs and stuff. Maybe could you hack my ex-girlfriends email? I tried but the password is really tough. I'm sure that with, like, a program, it would be really easy for a computer genius such as yourself to figure out. Hey. Your so nice.   Srsly they had a video of how to do it but It was removed from youtube. I can't remember now. I asked about this a while ago, there's was a topic.. But It got fucked with the bug. You sound like an awesome exboyfriend btw. -- Posted by Stand Up at 10:52 am on Aug. 20, 2008 Quote: from hawtshawty at 1:41 pm on Aug. 20, 2008 Quote: from iJeannie at 10:41 am on Aug. 20, 2008 There's a way. =/ But It's like with a program and all. Are you sure it's private?   yeah its private i double checked and everything this sux UH nuh. Did you had bad pictures? =/   Better start deleting. btw, maybe you had a easy guest password and that's how he logged in. Check it out in your account options! -- Posted by hawtshawty at 10:59 am on Aug. 20, 2008 I NEED TO KNOW HOW TO VIEW A PRIVATE PHOTOBUCKET TO GET BACK AT THE DUDE THAT DID THAT 2 ME PLZZZ SUM 1 TELL ME HOW PM ME -- Posted by Fouad at 11:06 am on Aug. 20, 2008 Photobucket Allows Public Access To Private Photos I got an email from Ryan N today describing a huge privacy leak in Photobucket - allowing anyone to look at anyone else's private photos. Photobucket protects photos normally by password protecting them. However, as Ryan found, a username/password is not the only way to access the photos:    Here's a random livejournal user's "bucket"    http://img.photobucket.com/albums/v462/glass0rthodoxy/    as you can see it requires a login.    replace the subdomain with 'pb5′ voila, you're in:    http://pb5.photobucket.com/albums/v462/glass0rthodoxy/ As you can see, simply by looking at the exact same directory on another hostname allows you complete access to the user's private photos. Allowing indexing is not always a bad thing - sometimes it's a huge convenience. Other times it's a huge privacy leak that can cause people a lot of trouble and pain. Who knows what private photos people store there? This is a great example of why you can't think about applications the same way browsers do (same domain policy). Other servers can provide equal or better opportunity for exploitation and data leakage if they are somehow tied together. It's best to explore all options when doing penetration testing. Nice find, Ryan! source:http://ha.ckers.org/blog/20070713/photobucket-allows-public-access-to-private-photos/ -- Posted by Narfle the Garthok at 11:11 am on Aug. 20, 2008 Quote: from fouad at 11:06 am on Aug. 20, 2008 Photobucket Allows Public Access To Private Photos I got an email from Ryan N today describing a huge privacy leak in Photobucket - allowing anyone to look at anyone else's private photos. Photobucket protects photos normally by password protecting them. However, as Ryan found, a username/password is not the only way to access the photos:     Here's a random livejournal user's "bucket"     http://img.photobucket.com/albums/v462/glass0rthodoxy/     as you can see it requires a login.     replace the subdomain with 'pb5′ voila, you're in:     http://pb5.photobucket.com/albums/v462/glass0rthodoxy/   As you can see, simply by looking at the exact same directory on another hostname allows you complete access to the user's private photos. Allowing indexing is not always a bad thing - sometimes it's a huge convenience. Other times it's a huge privacy leak that can cause people a lot of trouble and pain. Who knows what private photos people store there? This is a great example of why you can't think about applications the same way browsers do (same domain policy). Other servers can provide equal or better opportunity for exploitation and data leakage if they are somehow tied together. It's best to explore all options when doing penetration testing. Nice find, Ryan! source:http://ha.ckers.org/blog/20070713/photobucket-allows-public-access-to-private-photos/ That was patched ages ago. -- Posted by helpfulanon at 6:34 pm on Mar. 26, 2009 I can do it. helpfulanon@gmail.com for more info.