{"id":877,"date":"2020-05-09T04:07:05","date_gmt":"2020-05-09T03:07:05","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=877"},"modified":"2020-10-08T05:12:03","modified_gmt":"2020-10-08T04:12:03","slug":"pixel-steals-data-im-invisible","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/pixel-steals-data-im-invisible\/","title":{"rendered":"Pixel That Steals Data &#8211; I\u2019m Invisible"},"content":{"rendered":"<p id=\"ba55\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\"><strong class=\"ft gl\">Summary:<\/strong><\/p>\n<p id=\"1690\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">A vulnerability through which an attacker can obtain information about every user without their knowledge. The attacker can collect each user\u2019s IP address, ISP, country name, city name, region, device info and browser details.<\/p>\n<p id=\"981e\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">This vulnerability can be found in places where you have the option of uploading an image by URL, e.g. 
forums, discussion pages, comment sections, messages, fetching an image using an &lt;img src=\u201dURL\u201d&gt; tag, etc.<\/p>\n<p id=\"6a53\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\"><strong class=\"ft gl\">How to find this vulnerability?<\/strong><\/p>\n<ol class=\"\">\n<li id=\"2417\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge gm gn go\" data-selectable-paragraph=\"\">Go to\u00a0<a class=\"bx ff gp gq gr gs\" href=\"https:\/\/iplogger.org\/invisible\/\" target=\"_blank\" rel=\"noopener nofollow noreferrer\">https:\/\/iplogger.org\/invisible\/<\/a>\u00a0and generate an invisible image<\/li>\n<\/ol>\n<p id=\"0245\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">2. After that a link will be generated; copy it and click on Logged IP\u2019s<\/p>\n<figure class=\"gu gv gw gx gy gz co cp paragraph-image\">\n<div class=\"ha hb hc hd ai\">\n<div class=\"co cp gt\">\n<div class=\"hj r hc hk\">\n<div class=\"hl hm r\">\n<div class=\"he hf s t u hg ai av hh hi\"><img loading=\"lazy\" decoding=\"async\" class=\"s t u hg ai hn ho bc rh\" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/60\/1*CP7iX5o3AwIOqnv6yxcwKA.png?q=20\" width=\"1026\" height=\"361\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"me rg s t u hg ai hq\" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/1026\/1*CP7iX5o3AwIOqnv6yxcwKA.png\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/552\/1*CP7iX5o3AwIOqnv6yxcwKA.png 276w, https:\/\/miro.medium.com\/max\/1104\/1*CP7iX5o3AwIOqnv6yxcwKA.png 552w, https:\/\/miro.medium.com\/max\/1280\/1*CP7iX5o3AwIOqnv6yxcwKA.png 640w, https:\/\/miro.medium.com\/max\/1400\/1*CP7iX5o3AwIOqnv6yxcwKA.png 700w\" width=\"1026\" height=\"361\" \/><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"hr hs cq co cp ht hu cd eh ei cf ci\" 
data-selectable-paragraph=\"\">IP Logger<\/figcaption><\/figure>\n<p id=\"23c0\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">3. Now upload the image (2 ways):<\/p>\n<p id=\"ad8e\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">i) Fetch the image from the web<\/p>\n<figure class=\"gu gv gw gx gy gz co cp paragraph-image\">\n<div class=\"co cp hv\">\n<div class=\"hj r hc hk\">\n<div class=\"hw hm r\">\n<div class=\"he hf s t u hg ai av hh hi\"><img loading=\"lazy\" decoding=\"async\" class=\"s t u hg ai hn ho bc rh\" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/60\/1*CikDHdyOt2NV8Fh8sKrm-g.png?q=20\" width=\"412\" height=\"289\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"me rg s t u hg ai hq\" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/412\/1*CikDHdyOt2NV8Fh8sKrm-g.png\" sizes=\"auto, 412px\" srcset=\"https:\/\/miro.medium.com\/max\/552\/1*CikDHdyOt2NV8Fh8sKrm-g.png 276w, https:\/\/miro.medium.com\/max\/824\/1*CikDHdyOt2NV8Fh8sKrm-g.png 412w\" width=\"412\" height=\"289\" \/><\/p>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"hr hs cq co cp ht hu cd eh ei cf ci\" data-selectable-paragraph=\"\">Fetching Image &#8211; 1<\/figcaption><\/figure>\n<p id=\"5386\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">ii) Fetch the image using an &lt;img src=\u201dURL\u201d&gt; tag<\/p>\n<figure class=\"gu gv gw gx gy gz co cp paragraph-image\">\n<div class=\"co cp hx\">\n<div class=\"hj r hc hk\">\n<div class=\"hy hm r\">\n<div class=\"he hf s t u hg ai av hh hi\"><img loading=\"lazy\" decoding=\"async\" class=\"s t u hg ai hn ho bc rh\" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/60\/1*phwPkkGD-SDfKi8WT8jyOQ.png?q=20\" width=\"686\" height=\"401\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"me rg s t u hg ai hq\" 
role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/686\/1*phwPkkGD-SDfKi8WT8jyOQ.png\" sizes=\"auto, 686px\" srcset=\"https:\/\/miro.medium.com\/max\/552\/1*phwPkkGD-SDfKi8WT8jyOQ.png 276w, https:\/\/miro.medium.com\/max\/1104\/1*phwPkkGD-SDfKi8WT8jyOQ.png 552w, https:\/\/miro.medium.com\/max\/1280\/1*phwPkkGD-SDfKi8WT8jyOQ.png 640w, https:\/\/miro.medium.com\/max\/1372\/1*phwPkkGD-SDfKi8WT8jyOQ.png 686w\" width=\"686\" height=\"401\" \/><\/p>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"hr hs cq co cp ht hu cd eh ei cf ci\" data-selectable-paragraph=\"\">Fetching Image &#8211; 2<\/figcaption><\/figure>\n<p id=\"95e0\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">4. Now post it and wait for some time; as soon as people start viewing your topic you\u2019ll get their IP addresses, country name, city name, region, device info and browser details.<\/p>\n<figure class=\"gu gv gw gx gy gz co cp paragraph-image\">\n<div class=\"ha hb hc hd ai\">\n<div class=\"co cp hz\">\n<div class=\"hj r hc hk\">\n<div class=\"ia hm r\">\n<div class=\"he hf s t u hg ai av hh hi\"><img loading=\"lazy\" decoding=\"async\" class=\"s t u hg ai hn ho bc rh\" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/60\/1*NUuPMkiUo9ipEDSzdSZH2A.png?q=20\" width=\"1012\" height=\"464\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"me rg s t u hg ai hq\" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/1012\/1*NUuPMkiUo9ipEDSzdSZH2A.png\" sizes=\"auto, 700px\" srcset=\"https:\/\/miro.medium.com\/max\/552\/1*NUuPMkiUo9ipEDSzdSZH2A.png 276w, https:\/\/miro.medium.com\/max\/1104\/1*NUuPMkiUo9ipEDSzdSZH2A.png 552w, https:\/\/miro.medium.com\/max\/1280\/1*NUuPMkiUo9ipEDSzdSZH2A.png 640w, https:\/\/miro.medium.com\/max\/1400\/1*NUuPMkiUo9ipEDSzdSZH2A.png 700w\" width=\"1012\" height=\"464\" \/><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"hr hs cq co cp ht hu cd eh ei cf ci\" 
data-selectable-paragraph=\"\">IP and other Info<\/figcaption><\/figure>\n<p id=\"aa81\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\"><strong class=\"ft gl\">Mitigation<\/strong>\u00a0: Proxy all objects fetched from third-party resources and deploy a CSP. This is only one way of mitigating the issue; there could be many others.<\/p>\n<p id=\"874a\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">Thank You \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary : A vulnerability using which an attacker can obtain the information of all the users without their knowledge. He<\/p>\n","protected":false},"author":1,"featured_media":878,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[51],"tags":[],"yst_prominent_words":[1263,1255,1250,1246,1261,1253,1248,1244,1258,1259,1260,1262,1254,1249,1245,1256,1251,1247,1257,1252],"class_list":["post-877","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials"],"_links":{"self":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/877","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/comments?post=877"}],"version-history":[{"count":0,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/877\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media\/878"}],"wp:attachment":[{
"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media?parent=877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/categories?post=877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/tags?post=877"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}