MyBB Community Forums
running php files with image tags ?Vulnerability? - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: 1.8 Support (https://community.mybb.com/forum-175.html)
+--- Forum: General Support (https://community.mybb.com/forum-176.html)
+--- Thread: running php files with image tags ?Vulnerability? (/thread-219079.html)



running php files with image tags ?Vulnerability? - Amen4747 - 2018-08-02

If I upload my image file to my site, 

I get php URl.

"~/attachment.php?aid=1"

if I use that image URL on another site.

and add the get IP function in my attachment.php.

I can get the IP of people who are viewing my image at another site.


RE: running php files with image tags ?Vulnerability? - Devilshakerz - 2018-08-02

Correct, servers have access to information like IP addresses when their resources are accessed. Third-party sites may prevent it by using a resource proxy (like DVZ Secure Content for MyBB), in which case only the proxy's IP address will be disclosed.


RE: running php files with image tags ?Vulnerability? - Euan T - 2018-08-02

Also note that you can also get the requester's URL with a static resource like a standard JPEG by simply looking at your server's access log.


RE: running php files with image tags ?Vulnerability? - Amen4747 - 2018-08-03

great ! I learned