Answer the question
In order to leave comments, you need to log in
A
A
Anton Kozlov2016-01-26 23:04:22
Anton Kozlov, 2016-01-26 23:04:22
Is it possible to insert malicious code into an image?
Good afternoon,
**UPDATE**
I apologize for the inaccuracy in the wording of the question.
I am clarifying. Can an online image compression service insert malicious code into an image that could potentially affect Google Analytics?
I'm most likely paranoid, but the fact is that I used an online image optimizer and from the moment I uploaded this image to my site, hundreds of absolutely left visits appeared in Google Analytics.
the site is static on Jekyll, so there are not many options here.
thanks everyone!
3 answer(s)
@ja_anton
@thelongrunsmoke
@Fenteron
G
Grigory Vasilkov, 2016-01-27 @ja_anton
Well, in theory, how we did it -
1) take a server
2) set up a redirect from .jpg to .php
3) .php does some work, and even if it visits your site 50 times with a multi-threaded curl with proxies
4) after the code is executed we give out titles and a picture - the picture will be as if nothing had happened, only with a wild delay until the code is executed. Although if you smoke, then you can probably run a neighboring script from PHP, which will puff, and give out a picture right away.
Yes, what you said can be done.
Only the image compression service did not fall into your site, and even more so its pumping and analytics falsification.
A
Alexander Varakosov, 2016-01-27 @thelongrunsmoke
Inject code into PNG tags.
https://blog.sucuri.net/2014/02/new-iframe-injecti...
D
Damir Sinitsyn, 2016-01-26 @Fenteron
Everything is possible, but again the question is: WHY?
m.habrahabr.ru/post/148999/- on Habré, they have been bugging about this for a long time.
www.osp.ru/pcworld/2005/05/170165
Similar questions
P
V
K
D
I
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question