Saturday, January 12, 2008

pastey.net

A very interesting site that I was introduced to today is a site called pastey.net. Basically, it appears to work off of the same concept as tinyurl; however, pastey basically works with strings of text.

Let me give you an example....

Let's assume that you have found some piece of code on one computer system and you need to move it over to a different system. Pastey allows for you to paste this code into a form-field and auto-magically....it generates a semi-random URL where you are able to grab your contents.

Flaw in system?

Well...unfortunately, i'm sure that there are 100 different reasons why you should use this system, however, there is one area of concern. Do not send sensitive data through the portal. There is a method for securing the data (not sure how that works...i'll look at that in the next day or so), but by running a simple fuzzer, were were able to view 1000's of other responses and uploads to the server (and you would be amazed at what we found). So....great idea, but unfortunately....the execution appears to be a bit too simple; however, perhaps that's exactly what they were going for....?

You have been warned.