MyBB Community Forums

MyBB Community Forums > 1.8 Support > General Support > running php files with image tags ?Vulnerability?
Full Version: running php files with image tags ?Vulnerability?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Amen4747

2018-08-02, 10:59 AM
If I upload my image file to my site, 

I get php URl.

"~/attachment.php?aid=1"

if I use that image URL on another site.

and add the get IP function in my attachment.php.

I can get the IP of people who are viewing my image at another site.

Devilshakerz

2018-08-02, 08:22 PM
Correct, servers have access to information like IP addresses when their resources are accessed. Third-party sites may prevent it by using a resource proxy (like DVZ Secure Content for MyBB), in which case only the proxy's IP address will be disclosed.

Euan T

2018-08-02, 08:57 PM
Also note that you can also get the requester's URL with a static resource like a standard JPEG by simply looking at your server's access log.

Amen4747

2018-08-03, 12:05 AM
great ! I learned
MyBB Community Forums > 1.8 Support > General Support > running php files with image tags ?Vulnerability?