我正在测试提供版权照片的我们网站之一的安全性。我们的照片图案是:
https://www.example.com/image_gallery/watermark/[id].jpg
,我想测试是否有任何URL可以使用户访问非水印图片。
例如:https://www.example.com/image_gallery/large/[id].jpg
所以我当时想的是运行一个脚本,尝试该段的所有字符串组合,例如:
https://www.example.com/image_gallery/[a-zzzzzzzz]/[id].jpg
从字母a到所有组合一直到zzzzzzzz。
有什么想法吗?
![https://www.example.com/image_gallery/watermark/[id].jpg](https://www.example.com/image_gallery/watermark/[id].jpg){kind=link}
![https://www.example.com/image_gallery/large/[id].jpg](https://www.example.com/image_gallery/large/[id].jpg){kind=link}
![https://www.example.com/image_gallery/[a-zzzzzzzz]/[id].jpg](https://www.example.com/image_gallery/[a-zzzzzzzz]/[id].jpg){kind=link}