|
Forum Exploit of [img] tag (with goo.gl redirects for example) Hi, One of the users on my forum pointed me out that he was able to post any kind of url (also goo.gl redirects) within the image tags, like this: Code: [ IMG ] http://goo.gl/GLfGG [ /IMG ] . I'll also post it here to check if it works here too. http://goo.gl/GLfGG Not only is he able to gather stats and info on the site usage, but how badly can this be exploited by others? Since it is an abuse of the image tag, I could imagine that there should be some kind of filter to test if the posted url is actually an image, and maybe even within certain restrictions (file dimensions at least 16x16, file size at least 2kb, for example). I could probably turn use of remote images down, but that would have a big impact on the usage of images on the forum. So any other solutions or tips are welcome ... thanks! |
| الساعة الآن 02:23 PM |
Powered by vBulletin® Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.5.2 TranZ By
Almuhajir