Using a web bug for information gathering
Any one can post an image anywhere that allows the posting of remote images, grab the http header information of any one who views the image and save it to a log file on a remote server. This has been done for a while by the advertisement industry to track users activities. It can also be used by mail clients to check that an email has been read by the recipient. It is known as a 'web bug'.
How its done:
1. You need aphp script that will capture the GET HTTP headers, echo an image and have the content-type header set as a jpg.
2. A directory called /image.jpg/
3. htaccess file to automatically load index files within directories
3. Some where you can post the <img> HTML tag.
Post the following code into any forum, blog, guestbook, website that accepts images from remote servers.
<img> http://www.mysite.com/image.jpg </img>
<img src=" http://www.mysite.com/image.jpg ">
How it works:
The php script has a jpg header, echos an image and stores http header information to a log file. This is great but still has the .php extension rather than the .jpg extension.
You create a directory called /image.jpg/
You tell the htaccess to show any file named index when you access the /image.jpg/ directory. So when you access www.mysite.com/image.jpg it will automatically load the php script (index.php) which looks like an ordinary jpg.
So we now have a php script that acts and looks like an image, that records http headers and we also have it looking like it has the .jpg extension rather than the .php extension.
So what you can do is post the image.jpg directory to a forum as an image and it will record any one who views its http header information. e.i. ip, referer, user-agent, etc...
You can grab sensitive information from any one you can social engineer into viewing an image.This is legal behaviour however maybe considerd unethical depending on the intent of the person doing it. I have not included the PHP file that stores the GET HTTP header information due to posible misuse.
So far it has been tested on:
vBulletin 3.8.1 - in posts - not in avatar
vBulletin 3.6.8 - in posts - not in avatar
phpBB 3.0.3 - in post - in avatar
Facebook - not vulnerable
imageshack - not vulnerable
Joomla com jomcomment - Vulnerable
As for the post underneath about weather or not what the BBC did was legal or illegal, in short it was illegal however who's going to legally challenge them?
Here's a good debate on the topic:
本文开发（php）相关术语:php代码审计工具 php开发工程师 移动开发者大会 移动互联网开发 web开发工程师 软件开发流程 软件开发工程师