Answer the question
In order to leave comments, you need to log in
Is it possible to insert malicious code into an image?
Good afternoon,
**UPDATE**
I apologize for the inaccuracy in the wording of the question.
I am clarifying. Can an online image compression service insert malicious code into an image that could potentially affect Google Analytics?
I'm most likely paranoid, but the fact is that I used an online image optimizer and from the moment I uploaded this image to my site, hundreds of absolutely left visits appeared in Google Analytics.
the site is static on Jekyll, so there are not many options here.
thanks everyone!
Answer the question
In order to leave comments, you need to log in
Well, in theory, how we did it -
1) take a server
2) set up a redirect from .jpg to .php
3) .php does some work, and even if it visits your site 50 times with a multi-threaded curl with proxies
4) after the code is executed we give out titles and a picture - the picture will be as if nothing had happened, only with a wild delay until the code is executed. Although if you smoke, then you can probably run a neighboring script from PHP, which will puff, and give out a picture right away.
Yes, what you said can be done.
Only the image compression service did not fall into your site, and even more so its pumping and analytics falsification.
Inject code into PNG tags.
https://blog.sucuri.net/2014/02/new-iframe-injecti...
Everything is possible, but again the question is: WHY?
m.habrahabr.ru/post/148999/- on Habré, they have been bugging about this for a long time.
www.osp.ru/pcworld/2005/05/170165
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question