Home | Community | Message Board


FreeSpores.com
Please support our sponsors.

General Interest >> Science and Technology

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post. Pages: 1
InvisibleTinMan
Stranger

Registered: 10/01/02
Posts: 2,956
Loc: Russia
PHP? Crazy!
    #1882637 - 09/04/03 09:38 PM (13 years, 3 months ago)

http://www.danasoft.com/vipersig.jpg

Someone enlighten me to how this was done as an image that gets your info...


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleXochitl
synchronicitycircuit
Registered: 07/15/03
Posts: 1,241
Loc: the brainforest
Re: PHP? Crazy! [Re: TinMan]
    #1882853 - 09/04/03 10:37 PM (13 years, 3 months ago)

yeah, I just noticed someone had that in their sig. I did a triple-take :smile:

from the site:

I wrote this signature after a long drive when I was inspired by the thought of taking the referring information in a scipt and putting a "tricky" wrapper around it. Yes, the image above is really a PHP script that uses referrer information to make the image on-the-fly. I use a rewrite rule on my server to fool browsers into thinking its an image and allowing it in signatures. You may have picked up on that when you realized the image is actually a PNG file, but called a JPG file.

not exactly sure on how it works, though. I wonder what the security risks are.
 


--------------------
As we know, there are known knowns. There are things we know we know. We also know there are known unknowns. That is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.

-Donald Rumsfeld 2/2/02 Pentagon


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineRhizoid
carbon unit
Male

Registered: 01/23/00
Posts: 1,718
Loc: Europe
Last seen: 19 days, 10 hours
Re: PHP? Crazy! [Re: Xochitl]
    #1883118 - 09/04/03 11:35 PM (13 years, 3 months ago)

CGI scripts do this type of thing all the time. Typical usage is a gif image that displays a hit counter. The only tricky thing in this case is the rewriting of a .jpg filename into a script invocation, but I don't see why that should be necessary to make it work. It's perfectly legal html to use .cgi or .pl or .php filenames inside an IMG SRC tag as long as the script outputs the correct http CONTENT-TYPE header ("image/png" in this case).

Since the script runs on the server, the only user information it can play with is what your browser supplies it with. This is limited to the IP address and port number, and the USER-AGENT and REFERER headers supplied by your browser. In this example the "ISP" information is simply the reverse domain of the IP address, and the referrer information (the url of the originating web page) does not seem to be used at all, at least not when I click on that link.

As for security risks it's no different from allowing regular inline images from other servers, because those servers will get all the above information in any case, script or no script.


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleXochitl
synchronicitycircuit
Registered: 07/15/03
Posts: 1,241
Loc: the brainforest
Re: PHP? Crazy! [Re: Rhizoid]
    #1883661 - 09/05/03 02:27 AM (13 years, 3 months ago)

gotcha. thanks man :smile: 


--------------------
As we know, there are known knowns. There are things we know we know. We also know there are known unknowns. That is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.

-Donald Rumsfeld 2/2/02 Pentagon


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMurex
Reality Hacker

Registered: 07/28/02
Posts: 3,599
Loc: Traped in a shell.
Last seen: 9 years, 3 months
Re: PHP? Crazy! [Re: Xochitl]
    #1885140 - 09/05/03 01:54 PM (13 years, 3 months ago)

I went to a site for the Matrix (movie) and it had that on it too.


--------------------
What if everything around you
Isn't quite as it seems?
What if all the world you think you know,
Is an elaborate dream?
And if you look at your reflection,
Is it all you want it to be?



Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleTinMan
Stranger

Registered: 10/01/02
Posts: 2,956
Loc: Russia
Re: PHP? Crazy! [Re: Rhizoid]
    #1885684 - 09/05/03 05:01 PM (13 years, 3 months ago)

Yea, but the fact that you are only linking to a picture surprised me...


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineAnnoA
Experimenter
 User Gallery

Folding@home Statistics
Registered: 06/18/99
Posts: 24,121
Loc: my room
Last seen: 2 months, 14 days
Re: PHP? Crazy! [Re: TinMan]
    #1893279 - 09/08/03 09:27 AM (13 years, 3 months ago)

You can make the PHP parser execute any file regardles of its file ending.
Example:
http://www.fungifun.org/bpics/pic.jpg

Hit reload a couple of times when the new page opens.


Post Extras: Print Post  Remind Me! Notify Moderator
Offline3DSHROOM
loon
Male

Registered: 04/20/99
Posts: 2,878
Last seen: 3 years, 9 months
Re: PHP? Crazy! [Re: TinMan]
    #1904922 - 09/11/03 12:44 PM (13 years, 2 months ago)



--------------------
Your friendly neighborhood loon


Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1

General Interest >> Science and Technology

Similar ThreadsPosterViewsRepliesLast post
* how to build an adult message board? adult image server? Telepylus 852 3 10/17/06 07:42 PM
by grimR
* ThePirateBay.org Raided - Servers Seized YthanA 1,119 12 06/04/06 03:17 AM
by funnybunny
* Forwarding a sub domain & MISC php question daytripper05 567 6 07/17/08 10:23 PM
by Ythan
* script for uploading to ftp server through browser interface sherm 685 5 02/11/09 03:28 PM
by blink
* PHP people HELLA_TIGHT 549 8 06/02/07 01:20 PM
by Ythan
* PHP Problem st0nedphucker 1,033 7 03/07/07 05:38 AM
by Seuss
* PHP/MySQL help daytripper05 941 7 04/21/08 12:48 AM
by ectolysergic
* PHP NUKE RIPPING Genius 438 3 11/06/04 07:11 PM
by Ythan

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Lana, trendal, Diploid, automan
881 topic views. 0 members, 1 guests and 2 web crawlers are browsing this forum.
[ Toggle Favorite | Print Topic | Stats ]
Search this thread:
Azarius
Please support our sponsors.

Copyright 1997-2016 Mind Media. Some rights reserved.

Generated in 0.036 seconds spending 0.006 seconds on 14 queries.