Jump to content

Security Of External "images" In Sigs


morrisjohnny
 Share

Recommended Posts

Upon researching some required information to complete a topic, i scrolled across a snippet of code which allows you to show YOUR own IP address using php.now surely, if you have the ability to show someone's ip, or the forums (not this one) are loading an external "image" from a url such as http://www.domain.co.uk/show_image.php?img_id=1 on this page. there might well be an image, However how about if the owner then decides to add a php code over the image which then has the ability to execute code off their server. How much damage can be done?What I'm trying to say is surely if someone can display your IP address within an image is it possible to re-direct someone to their web-page? which could be full of inappropriate material such as viruses, or perhaps something like creating a cookie which tracks their page loads and url history and reports back?Just a security concern i though of and wish to learn more about.Thanks-Johnny

Link to comment
Share on other sites

No, there's no way that they can do anything harmful. All you're getting on the client side is the image. Your browser is the one sending your IP to every single page as a request header. When it sends the request to the server with the image one it, the server just generates the image with the information and sends the image back.You cannot be redirected by a signature image because if the browser receives anything other than an image in response it won't do anything with it.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...