JavaScript
Valery Gutin, 2018-12-23 14:51:11

Can this vulnerability harm the site?

I noticed on my site that you can insert an img tag whose src attribute is any link at all into the field:

<img src="site.ru/script.php" alt="такой будет вид">

joraxxa.tmweb.ru
It's funny, but Toster has this vulnerability too: all IP addresses that visited this topic (collected in PHP) end up here - joraxxa.tmweb.ru/data.txt
Do I understand correctly that an attacker can't harm the site using this?


7 answer(s)
Saboteur, 2018-12-23
@alohamneploha

This is not a vulnerability; this is normal use of src in img.
You can call a script (php, python, bash, exe - anything) that generates an image for you on the fly and returns exactly the binary data of the image as application/octet-stream.
This is how many diagrams and graphs actually work in statistics engines.

SagePtr, 2018-12-23
@SagePtr

And also: insert a picture with a cat into the post, and after a while (when the post is buried and the chance of a moderator stumbling upon it is minimal) replace the cat picture with an image of a hemp leaf and set Roskomnadzor on it.
As a result, the site gets blocked, and for some time the owners don't understand why the number of visitors from Russia suddenly dropped, and it will be very hard to find the picture the RKN objected to, since the replacement won't show up anywhere in the logs, because it will have been done on the third-party server's side.

tema_sun, 2018-12-23
@tema_sun

In general, this is bad. Done properly, you should download the picture to your own server, validate it there, and only then serve it to users from your server.
It is strange that Toster does not use habrastorage for this.

profesor08, 2018-12-24
@profesor08

Nothing is bad. It makes no difference what the link looks like; what matters is what content the server returns and how it processes it. I can insert ima/cat.jpg, and on the server I will process such a path however I want and return whatever content I want.

Adamos, 2018-12-23
@Adamos

Any link to any site?
Then someone can enter there, for example, a link to an SVG with an exploit and simply wait for the site administrator to open the page where this link is displayed.
Or if you have "interesting" pages driven by GET requests that only the administrator can execute - their address gets written there, and then it's the same waiting game.

Lander, 2018-12-24
@usdglander

For example, you can insert a link of the form /auth/sign_out there, and if the server does not check that this action may only be sent via POST, then everyone who opens this "picture" will automatically be logged out of the site.
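
Putting the advice from the two answers above into code (this is an added example, not code from Toster or from any of the commenters): a user-supplied img src is accepted only if it is an absolute http(s) URL, so relative paths like /auth/sign_out, data: and javascript: URLs never reach readers' browsers; the accepted URL is rewritten to a same-origin proxy path bound to an HMAC, and the proxy checks the fetched bytes by magic number, refusing SVG. The /camo/ path prefix, the function names and the secret are assumptions for the example.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlsplit

# Constructed secret for signing proxy paths; load it from config in practice.
SECRET = b"constructed-example-secret"

# Magic bytes of raster formats the proxy is willing to serve.  SVG is
# deliberately absent: it is XML and may carry scripts.
_RASTER_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")


def _mac(url: str, secret: bytes) -> str:
    return hmac.new(secret, url.encode("utf-8"), hashlib.sha256).hexdigest()


def sanitize_img_src(src: str, secret: bytes = SECRET) -> Optional[str]:
    """Turn a user-supplied img src into a same-origin proxy path, or None.

    Relative paths (e.g. /auth/sign_out), scheme-less hosts, data: and
    javascript: URLs are rejected, so a reader's browser never sends a
    request the poster chose to the site itself."""
    parts = urlsplit(src.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    url = parts.geturl()
    return f"/camo/{_mac(url, secret)}/{url.encode('utf-8').hex()}"


def resolve_proxy_path(path: str, secret: bytes = SECRET) -> Optional[str]:
    """Recover the upstream URL from a proxy path if its MAC verifies, so
    the proxy only fetches URLs that went through sanitize_img_src."""
    parts = path.split("/")
    if len(parts) != 4 or parts[:2] != ["", "camo"]:
        return None
    try:
        url = bytes.fromhex(parts[3]).decode("utf-8")
    except ValueError:  # bad hex or bad UTF-8
        return None
    return url if hmac.compare_digest(_mac(url, secret), parts[2]) else None


def looks_like_raster_image(body: bytes) -> bool:
    """Judge the fetched bytes by magic number instead of trusting the
    upstream Content-Type header, which the third-party server controls."""
    return any(body.startswith(magic) for magic in _RASTER_MAGIC)
```

The proxy fetches the resolved URL, serves the bytes only if looks_like_raster_image passes, and can cache the first copy so a later swap on the third-party server is not reflected to readers.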

Johnny Smith, 2018-12-24
@Olek1

Users can complain about Toster unintentionally sharing their data with third parties. Any user might not like that.
