Jump to the post that solved this thread.
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Solved: 1 Year, 2 Months, 2 Weeks ago running php files with image tags ?Vulnerability?
#1
Solved: 1 Year, 2 Months, 2 Weeks ago
If I upload my image file to my site, 

I get php URl.

"~/attachment.php?aid=1"

if I use that image URL on another site.

and add the get IP function in my attachment.php.

I can get the IP of people who are viewing my image at another site.
Reply
#2
Solved: 1 Year, 2 Months, 2 Weeks ago
Correct, servers have access to information like IP addresses when their resources are accessed. Third-party sites may prevent it by using a resource proxy (like DVZ Secure Content for MyBB), in which case only the proxy's IP address will be disclosed.
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#3
Solved: 1 Year, 2 Months, 2 Weeks ago
Also note that you can also get the requester's URL with a static resource like a standard JPEG by simply looking at your server's access log.
Reply
#4
Solved: 1 Year, 2 Months, 2 Weeks ago
great ! I learned
Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)