
Using the government website zakupki.gov.ru as free hosting for static files

Important preamble: the page below, which allowed uploading files to the zakupki.gov.ru site without authorization, was removed less than 2 hours after this blog post was published on Habrahabr. The post will be kept for the record, however, especially since Stigmated laid out an alternative (working) upload method in the comments.
As became known yesterday from Navalny, the Federal Treasury of the Russian Federation intends to spend another 778 million rubles on the development of the portal zakupki.gov.ru, for which more than 360 million rubles have already been paid.

The question is: do the people get any immediate return from these colossal expenditures? May the slanderers be silenced! In its unspeakable grace, the government has set up accessible hosting of static files on this site - or, more correctly, the contractors left a small hole uncovered that lets you go to http://zakupki.gov.ru/pgz/documentform and, without any authorization, upload all sorts of static files to the site from there.

(I call it a “small hole” because a PHP file cannot be uploaded and then executed; however, you can still set up image hosting, for example.)

Note the address of the following illustration, which was uploaded there this morning:

[If this illustration fails to load, the problem described above may have been closed.]

Its address (http://zakupki.gov.ru/pgz/documentdownload?documentId=39240775) cynically suggests that all documents ever uploaded to the public procurement site are accessible by directly enumerating their numbers.
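The enumeration pattern described above can be spotted from the server side. The following is an added example, not part of the original post: it scans web access logs for clients that walk consecutive `documentId` values on the download URL. The log format (combined log format), the sample lines, the IP addresses and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined log format, documentation-range IPs).
_FMT = '{ip} - - [01/Jan/2000:00:00:{s:02d} +0000] "GET /pgz/documentdownload?documentId={doc} HTTP/1.1" 200 512'
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.7", s=i, doc=39240770 + i) for i in range(7)]
    + [_FMT.format(ip="198.51.100.20", s=30, doc=39240775),
       _FMT.format(ip="198.51.100.20", s=31, doc=38001234),
       '198.51.100.20 - - [01/Jan/2000:00:00:32 +0000] "GET /pgz/documentform HTTP/1.1" 200 900']
)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d{3}')

def document_ids_by_client(log_text):
    """Map client IP -> documentId values it requested, in log order."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: ignore rather than crash
        url = urlsplit(m.group(2))
        if url.path != "/pgz/documentdownload":
            continue
        for value in parse_qs(url.query).get("documentId", []):
            if value.isdigit():
                seen[m.group(1)].append(int(value))
    return seen

def longest_run(ids, max_step=1):
    """Longest run of distinct IDs whose sorted neighbours differ by <= max_step."""
    best = run = 0
    prev = None
    for i in sorted(set(ids)):
        run = run + 1 if prev is not None and i - prev <= max_step else 1
        best = max(best, run)
        prev = i
    return best

def find_enumerators(log_text, min_run=5):
    """Return {client: run_length} for clients walking consecutive document IDs."""
    runs = {c: longest_run(ids) for c, ids in document_ids_by_client(log_text).items()}
    return {c: n for c, n in runs.items() if n >= min_run}

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Detection of this kind complements, but does not replace, a per-document authorization check in the download handler.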

In conclusion, I thank seriyPS for kindly providing the topic for this blog post, and I thank the readers for their attention.

Source: https://habr.com/ru/post/127328/

