Start a new topic

Security vuln with external links in asks

recently (with permission and as a joke) I sent a friend of mine this image in an ask: it's a dynamically generated image with the viewer's IP address and location.


I did this to show a vulnerability with asks. linked images in asks are loaded without a clickthrough like iframely, and asks are a way to send a specific person a link.

my proposed vulnerability is as follows:

1) in an ask, link someone an IP logger in the form of an image

2) they open their inbox, loading this image

3) the first person who loads this image is likely to be the person the attacker sent the ask to

4) the attacker now knows the general location of the target

ideally all external links in asks (links not to cohosts cdn) would be handled through iframely.

another possible vuln here is that svgs can be uploaded to cohost's cdn and these can contain links to external sites in the same fashion

15 people have this problem
Login or Signup to post a comment