Thread Contributor: Hype
Idea Denied Secure Image Proxy
#1
I made this when I was looking into some image proxies and found some, but they were vulnerable to LFI, XSS, Path Traversal, etc.
So, I decided to make my own. This image proxy is secure from all of those vulnerabilities, I believe it isn't vulnerable to any sort of attack. If you do find one, congratulations and please notify me so I can fix the vulnerability.

https://github.com/x04/Secure-Image-Proxy

Also, thanks to Paradigm for helping with parts of this.
[Image: QDcxlgI.png?1]

#2
Can you please explain some more?
I'm not sure why you made this and how those vulnerabilities could have been exploited. And why somebody would use this.
[Image: DRPkiTY.gif]

#3
(11-25-2016, 10:07 AM)On3. Wrote: Can you please explain some more?
I'm not sure why you made this and how those vulnerabilities could have been exploited. And why somebody would use this.

An image proxy basically masks the viewing user's IP from the image, because there are ways to log IPs with images. Instead of the logger getting the viewing user's IP, they'll get the server's and it'll most likely be DDoS protected and not of much use.


I made this because lots of the current image proxies you could do things like this:
http://yourserver.com/img_proxy.php?url=...etc/passwd (that would show the contents of the passwd file on a Linux server)
Or:
http://yourserver.com/img_proxy.php?url=.../script> (An XSS vulnerability, allows injection of arbitrary javascript/html)
And even:
http://yourserver.com/img_proxy.php?url=.../shell.php (File inclusion vulnerabiliy)

I hope this helped to explain everything. If you have anymore questions please ask.
[Image: QDcxlgI.png?1]

#4
(11-25-2016, 02:29 PM)Hype Wrote:
(11-25-2016, 10:07 AM)On3. Wrote: Can you please explain some more?
I'm not sure why you made this and how those vulnerabilities could have been exploited. And why somebody would use this.

An image proxy basically masks the viewing user's IP from the image, because there are ways to log IPs with images. Instead of the logger getting the viewing user's IP, they'll get the server's and it'll most likely be DDoS protected and not of much use.


I made this because lots of the current image proxies you could do things like this:
http://yourserver.com/img_proxy.php?url=...etc/passwd (that would show the contents of the passwd file on a Linux server)
Or:
http://yourserver.com/img_proxy.php?url=.../script> (An XSS vulnerability, allows injection of arbitrary javascript/html)
And even:
http://yourserver.com/img_proxy.php?url=.../shell.php (File inclusion vulnerabiliy)

I hope this helped to explain everything. If you have anymore questions please ask.

You know that PHP is server sided right?
Why bother trying to "mask" the users IP when he comes to your server? Makes no sense.
If you're afraid that a person uploaded a malicious image to your server and it could use to exploit your server, you have bigger problems.
As for those examples, they make no sense. It's 2016, placing a parameter in a URL hoping that it will work has nothing to do with the images.
[Image: DRPkiTY.gif]

#5
(11-26-2016, 08:06 AM)On3. Wrote:
(11-25-2016, 02:29 PM)Hype Wrote:
(11-25-2016, 10:07 AM)On3. Wrote: Can you please explain some more?
I'm not sure why you made this and how those vulnerabilities could have been exploited. And why somebody would use this.

An image proxy basically masks the viewing user's IP from the image, because there are ways to log IPs with images. Instead of the logger getting the viewing user's IP, they'll get the server's and it'll most likely be DDoS protected and not of much use.


I made this because lots of the current image proxies you could do things like this:
http://yourserver.com/img_proxy.php?url=...etc/passwd (that would show the contents of the passwd file on a Linux server)
Or:
http://yourserver.com/img_proxy.php?url=.../script> (An XSS vulnerability, allows injection of arbitrary javascript/html)
And even:
http://yourserver.com/img_proxy.php?url=.../shell.php (File inclusion vulnerabiliy)

I hope this helped to explain everything. If you have anymore questions please ask.

You know that PHP is server sided right?
Why bother trying to "mask" the users IP when he comes to your server? Makes no sense.
If you're afraid that a person uploaded a malicious image to your server and it could use to exploit your server, you have bigger problems.
As for those examples, they make no sense. It's 2016, placing a parameter in a URL hoping that it will work has nothing to do with the images.

You know you can inject PHP using some of the said vulnerabilities right?
You're masking the user's IP from something like an image IP logger, like those images that say "Your IP: 0.0.0.0" or ones that actually log your IP.
And it's not that your afraid someone uploaded a "malicious image" to the server lol obviously you don't get what this is. I was saying other versions of this have vulnerabilities that could be exploited, this one doesn't.
Yes it does, you just don't understand what this is.
[Image: QDcxlgI.png?1]

#6
Cool I guess?



Users browsing this thread: 1 Guest(s)