
Using a web bug for information gathering

[Development (php) | Category: Development (php) | Posted by 店小二04 | Date: 2016 | Author: 红领巾]

Abstract:

Anyone can post an image anywhere that allows the posting of remote images, grab the HTTP header information of anyone who views the image and save it to a log file on a remote server. The advertising industry has done this for a long time to track users' activities. It can also be used by mail clients to check that an email has been read by the recipient. It is known as a 'web bug'.

How it's done:

1. A PHP script that captures the GET request's HTTP headers, echoes an image and sets the Content-Type header to image/jpeg.

2. A directory called /image.jpg/

3. An .htaccess file that makes the server automatically load the index file when a directory is requested.

4. Somewhere you can post the <img> HTML tag.

Exploit:

Post the following code into any forum, blog, guestbook or website that accepts images from remote servers.

<img> http://www.mysite.com/image.jpg </img>

OR

<img src=" http://www.mysite.com/image.jpg ">

How it works:

The PHP script sends a JPEG Content-Type header, echoes an image and stores the HTTP header information in a log file. This works, but the URL still has the .php extension rather than the .jpg extension.

You create a directory called /image.jpg/

You tell .htaccess to serve the file named index whenever the /image.jpg/ directory is requested. So when you access www.mysite.com/image.jpg it automatically loads the PHP script (index.php), which looks like an ordinary jpg.

So we now have a PHP script that acts and looks like an image, records HTTP headers, and appears to have the .jpg extension rather than the .php extension.

So you can post the image.jpg directory to a forum as an image and it will record the HTTP header information of anyone who views it, i.e. IP address, Referer, User-Agent, etc.

Impact:

You can grab sensitive information from anyone you can social engineer into viewing an image.

This is legal behaviour, however it may be considered unethical depending on the intent of the person doing it. I have not included the PHP file that stores the GET HTTP header information due to possible misuse.

So far it has been tested on:

vBulletin 3.8.1 - in posts - not in avatar

vBulletin 3.6.8 - in posts - not in avatar

phpBB 3.0.3 - in post - in avatar

Facebook - not vulnerable

imageshack - not vulnerable

Joomla com jomcomment - Vulnerable
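The platforms listed above as not vulnerable are the ones that never let a viewer's browser fetch an image straight from a poster-controlled host. What follows is an added example, not part of the original post, of the defender-side fix a forum operator can apply: every remote <img src> in user-submitted HTML is rewritten to a site-operated image proxy, with an HMAC over the original URL so the proxy only fetches URLs the forum itself signed. The proxy hostname img-proxy.example, the key and the local host list are assumptions made for this demo; the sample post is constructed and uses the exact tag from the Exploit section, stray spaces around the URL included.

```python
import hashlib
import hmac
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urlparse

# Deployment values for this demo; all three are assumptions, not anything
# from the original post or any real service.
PROXY_BASE = "https://img-proxy.example/"              # hypothetical image proxy
PROXY_KEY = b"constructed-demo-key-use-a-random-one"   # shared with the proxy
LOCAL_HOSTS = {"forum.example"}                        # hosts the site serves itself


def is_remote(url: str) -> bool:
    """True if loading this URL would make the viewer's browser contact a host
    the forum does not control, which is the precondition for a web bug."""
    parsed = urlparse(url.strip())  # browsers ignore the spaces in src=" http://... "
    if not parsed.netloc:
        return False  # relative path: served by the forum itself
    return parsed.hostname not in LOCAL_HOSTS


def proxy_url(remote_url: str) -> str:
    """Rewrite a remote image URL to its proxied form. The HMAC binds the path
    to the exact URL so the proxy cannot be used as an open relay."""
    digest = hmac.new(PROXY_KEY, remote_url.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{PROXY_BASE}{digest}/{quote(remote_url, safe='')}"


def proxy_accepts(digest: str, remote_url: str) -> bool:
    """Check the proxy performs before fetching: only http(s) targets whose
    digest the forum produced are fetched; comparison is constant-time."""
    if urlparse(remote_url).scheme not in ("http", "https"):
        return False
    expected = hmac.new(PROXY_KEY, remote_url.encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, digest)


class RemoteImageRewriter(HTMLParser):
    """Re-emit user HTML unchanged except that remote <img src> values are
    replaced with their proxied form. Rewritten (original, proxied) pairs are
    collected so the forum can log what it neutralised."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=False)  # keep entities as written
        self.out: list[str] = []
        self.rewritten: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        text = self.get_starttag_text()
        if tag != "img":
            self.out.append(text)
            return
        parts = ["<img"]
        for name, value in attrs:
            if name == "src" and value is not None:
                url = value.strip()
                if is_remote(url):
                    proxied = proxy_url(url)
                    self.rewritten.append((url, proxied))
                    value = proxied
            parts.append(f" {name}" if value is None else f' {name}="{escape(value, quote=True)}"')
        parts.append(" />" if text.endswith("/>") else ">")
        self.out.append("".join(parts))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <img ... /> is emitted once, without </img>

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def rewrite_post(html: str) -> tuple[str, list[tuple[str, str]]]:
    """Return the sanitised HTML and the list of (original, proxied) URLs."""
    parser = RemoteImageRewriter()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.rewritten


# Constructed sample post: the tag from the Exploit section (stray spaces and
# all) next to an image the forum hosts itself.
SAMPLE_POST = (
    '<p>Look at this: <img src=" http://www.mysite.com/image.jpg "> and '
    '<img src="/uploads/cat.png" alt="cat"></p>'
)

if __name__ == "__main__":
    sanitised, hits = rewrite_post(SAMPLE_POST)
    print(sanitised)
    for original, proxied in hits:
        print("rewrote", original, "->", proxied)
```

Because the viewer's browser now talks only to the proxy, the log described in "How it works" records the proxy's address instead of the viewer's IP, Referer and User-Agent. The proxy itself should still refuse anything whose digest does not verify, as proxy_accepts does, so that posters cannot turn it into a relay to arbitrary hosts.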

More info:

http://en.wikipedia.org/wiki/Web_bug

As for the post underneath about whether or not what the BBC did was legal or illegal: in short, it was illegal, however who's going to legally challenge them?

Here's a good debate on the topic:

http://www.guardian.co.uk/technology/blog/2009/mar/12/bbc-botnet-legality-questioned

Original title: Using a web bug for information gathering
Source: http://www.codesec.net/view/481415.html