Another 1x1 pixel vulnerability

Talk about internet security, computer security, personal security, your social security number...
Post Reply
morganism
Senior Member
Posts: 116
Joined: Tue Nov 26, 2013 9:44 pm

Another 1x1 pixel vulnerability

Post by morganism » Sun Mar 13, 2016 9:37 pm

Maybe these 1x1 pixel sets should just automatically be blocked at the browser level.
I find them in most saved pages when i am stripping out chaff

https://torrentfreak.com/private-tracker-member-data-leaked-via-bbcode-exploit-160313/
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130410 Firefox/23.0

barbaz
Senior Member
Posts: 9144
Joined: Sat Aug 03, 2013 5:45 pm

Re: Another 1x1 pixel vulnerability

Post by barbaz » Sun Mar 13, 2016 9:43 pm

Yep, this type of thing is one of the reasons why I use tools like ABE and µMatrix to set up restrictions on cross-site requests to and from this board.
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Another 1x1 pixel vulnerability

Post by Thrawn » Mon Mar 14, 2016 12:25 am

So...if I'm reading correctly, the significance of the BBCode was the ability to match the client data (which could be collected by anyone who can post an image link) to a username?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0

Post Reply