
Using a web bug for information gathering

Abstract:
Anyone can post an image anywhere that allows the posting of remote images, grab the HTTP header information of anyone who views the image and save it to a log file on a remote server. This has been done for a while by the advertising industry to track users' activities. It can also be used by mail clients to check that an email has been read by the recipient. It is known as a 'web bug'.


How it's done:

1. You need a PHP script that will capture the HTTP headers of the GET request, echo an image and set the Content-Type header to image/jpeg.

2. A directory called /image.jpg/

3. An .htaccess file that automatically loads index files within directories.

4. Somewhere you can post the <img> HTML tag.


Exploit:

Post the following code into any forum, blog, guestbook, website that accepts images from remote servers.

<img>http://www.mysite.com/image.jpg</img>
OR
<img src="http://www.mysite.com/image.jpg">


How it works:

The PHP script sends a JPEG Content-Type header, echoes an image and stores the HTTP header information to a log file. This is great, but it still has the .php extension rather than the .jpg extension.


You create a directory called /image.jpg/


You tell .htaccess to show any file named index when you access the /image.jpg/ directory. So when you access www.mysite.com/image.jpg it will automatically load the PHP script (index.php), which looks like an ordinary JPEG.


So we now have a PHP script that acts and looks like an image, that records HTTP headers, and that appears to have the .jpg extension rather than the .php extension.


So what you can do is post the image.jpg directory to a forum as an image, and it will record the HTTP header information of anyone who views it, i.e. IP address, Referer, User-Agent, etc.
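A defender-side illustration, added here and not part of the original post: a forum that accepts remote images can keep its readers' IP address, User-Agent and Referer away from the third-party host by rewriting every remote <img src> to go through its own image proxy, the scheme GitHub's Camo popularised. The HMAC over the URL stops the proxy endpoint from being usable as an open relay, and the proxy fetches the image itself with a fixed User-Agent and no Referer, so the bug's log file only ever sees the proxy. The forum hostname, the /proxy path and the secret are assumptions; the sample post uses the tag from the exploit section above.

```python
import hashlib
import hmac
import re
from typing import Optional
from urllib.parse import urlparse

# Assumed forum configuration (hypothetical values, not from the post).
PROXY_BASE = "https://forum.example/proxy"
SECRET = b"replace-with-a-random-server-side-secret"
ALLOWED_HOSTS = {"forum.example"}   # images hosted here need no proxying

# Matches <img ... src=... ...>, capturing the attribute text before and after src.
IMG_TAG = re.compile(
    r'<img\b([^>]*?)\bsrc\s*=\s*(["\']?)([^"\'\s>]+)\2([^>]*)>', re.IGNORECASE
)


def proxy_url(src: str) -> str:
    """Camo-style proxy URL: /proxy/<hmac-sha256(secret, url)>/<hex(url)>.

    The HMAC binds the hex-encoded URL to the server secret, so only URLs the
    forum itself rewrote are accepted by the proxy endpoint."""
    digest = hmac.new(SECRET, src.encode(), hashlib.sha256).hexdigest()
    return f"{PROXY_BASE}/{digest}/{src.encode().hex()}"


def is_local(src: str) -> bool:
    """Relative URLs and our own hosts are served directly; note that a
    protocol-relative '//host/x.jpg' has a netloc and is therefore remote."""
    parsed = urlparse(src)
    return parsed.netloc == "" or parsed.hostname in ALLOWED_HOSTS


def rewrite_remote_images(html: str) -> str:
    """Rewrite every remote <img src> in a post to the proxy URL."""
    def repl(m: "re.Match[str]") -> str:
        pre, quote, src, post = m.groups()
        if is_local(src):
            return m.group(0)
        q = quote or '"'
        return f"<img{pre}src={q}{proxy_url(src)}{q}{post}>"
    return IMG_TAG.sub(repl, html)


def verify_proxy_request(digest: str, hexurl: str) -> Optional[str]:
    """Proxy side: recover and authenticate the URL before fetching anything.
    Returns the origin URL, or None if the request was not minted by us."""
    try:
        src = bytes.fromhex(hexurl).decode()
    except ValueError:
        return None
    expected = hmac.new(SECRET, src.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, digest):
        return None
    if urlparse(src).scheme not in ("http", "https"):
        return None
    return src


def proxy_fetch_headers() -> dict:
    """Headers the proxy sends upstream: a fixed identity, no Referer and
    nothing derived from the reader's browser or address."""
    return {"User-Agent": "forum-image-proxy/1.0", "Accept": "image/*"}


if __name__ == "__main__":
    # Constructed sample post containing the remote image tag from the exploit section.
    post = '<p>hi</p><img src="http://www.mysite.com/image.jpg"><img src="/static/logo.png">'
    print(rewrite_remote_images(post))
```

The proxy should also cap the response size and refuse anything whose body is not actually an image, but the property that matters for the web bug is already there: the request that reaches www.mysite.com carries the proxy's address and headers, not the reader's.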


Impact:

You can grab sensitive information from anyone you can social engineer into viewing an image.


This is legal behaviour, however it may be considered unethical depending on the intent of the person doing it. I have not included the PHP file that stores the GET HTTP header information due to possible misuse.


So far it has been tested on:

vBulletin 3.8.1 – in posts – not in avatar
vBulletin 3.6.8 – in posts – not in avatar
phpBB 3.0.3 – in post – in avatar
Facebook – not vulnerable
imageshack – not vulnerable
Joomla com jomcomment – Vulnerable


More info:

http://en.wikipedia.org/wiki/Web_bug


As for the post underneath about whether or not what the BBC did was legal or illegal, in short it was illegal, however who's going to legally challenge them?


Here’s a good debate on the topic:

http://www.guardian.co.uk/technology/blog/2009/mar/12/bbc-botnet-legality-questioned

Posted on 15 March, 2009 by ethicalhack3r

7 Responses to “Using a web bug for information gathering”


  1. 1337speak


    This looks to be a really useful tool, for information gathering. It’s a good job you have done here!


    Comment posted on March 22, 2009 at 09:56:58 GMT

  2. patricabef


    Anything. ciales buy on line A joke for you peoples! What did the robot have to do before she wore any earrings? She had to get her gears pierced.


    Comment posted on January 2, 2010 at 23:32:28 GMT

  3. theresavam


    In my opinion it only the beginning. I suggest you to try to look in google.com ciallis get Do you want a fresh joke from net? Why do bagpipers walk when they play? They’re trying to get away from the noise.


    Comment posted on January 3, 2010 at 06:33:05 GMT

  4. irinakic


    I consider, that you are mistaken. ciallis generic Florida Nice joke! What do you call a crazy blackbird? A raven lunatic!


    Comment posted on January 3, 2010 at 16:07:20 GMT

  5. psybeah


    What are the best reliable websites for online forex trading and what are your helpful tips for the one who just started to get acquainted to this? Thanks
    [url=http://forexrobot-review.info]best forex software[/url]


    Comment posted on January 4, 2010 at 18:35:27 GMT

  6. psybeah


    I hope to trade forex for a living, and I think a forex mentor will greatly reduce my learning curve. How do I go about finding a forex mentor? I don’t want to attend a confusing webinar, nor do I want a subscription to a series of camtasia videos. I’m looking for personal instruction from an experienced trader who lives on forex.
    [url=http://forexrobot-review.info]best forex software[/url]


    Comment posted on January 4, 2010 at 20:44:42 GMT

  7. heesan


    This variant does not approach me. Perhaps there are still variants? ciallis pill I have read a good joke in internet ;) Where do you get virgin wool from? Ugly sheep.


    Comment posted on January 7, 2010 at 19:33:03 GMT
