Brief Information
Users can include images in their posts which log IP data, and this information can be used with bad intent, for example:
- Using NMAP to scan for open ports which might be vulnerable
- Selling the data to illegal parties
- DDoSing the IP address, thus kicking the router offline, etc.
Here I have included some screenshots of the problem:
Fix
A fix would be to implement an image proxy, just like Google or Facebook do.
Use the special URL to show the user the picture such as:
What this would do is have the server get the data from the picture and print it out on the page, so it comes from www.gamebanana.com instead of some malicious URL.
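A sketch of such an image proxy, added here as an example and not taken from the site's own code: posts are rewritten so browsers only contact the proxy, and the proxy checks each request before fetching so it cannot be pointed at internal hosts. The `/img` route, the secret, the size cap and all function names are assumptions.

```python
import hashlib, hmac, ipaddress, re, socket, urllib.request
from urllib.parse import quote, urlsplit

# Assumptions (not from the original report): secret, /img route, size cap.
SECRET = b"constructed-demo-secret"
PROXY = "https://www.gamebanana.com/img"  # hypothetical proxy route
MAX_BYTES = 5 * 1024 * 1024

def sign(url: str) -> str:
    return hmac.new(SECRET, url.encode(), hashlib.sha256).hexdigest()

def proxied(url: str) -> str:
    """URL placed in the page instead of the poster's remote image URL."""
    return f"{PROXY}/{sign(url)}?url={quote(url, safe='')}"

def rewrite_post(html: str) -> str:
    """Point every remote <img src> at the proxy; viewers never hit the remote host."""
    return re.sub(r'(<img\b[^>]*\bsrc=")(https?://[^"]+)(")',
                  lambda m: m.group(1) + proxied(m.group(2)) + m.group(3), html)

def is_public(host: str) -> bool:
    """False if the host resolves to a loopback/private/link-local address."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return False
    return all(ipaddress.ip_address(i[4][0]).is_global for i in infos)

def allowed(sig: str, url: str) -> bool:
    """Proxy-side check: signature issued by us, http(s) only, public host."""
    if not hmac.compare_digest(sig, sign(url)):
        return False
    p = urlsplit(url)
    return p.scheme in ("http", "https") and bool(p.hostname) and is_public(p.hostname)

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # a redirect could lead to an internal host; treat 3xx as an error

def fetch(sig: str, url: str):
    # Server-side fetch; production code should also pin the resolved IP (DNS rebinding).
    if not allowed(sig, url):
        raise PermissionError("unsigned or non-public image URL")
    with urllib.request.build_opener(_NoRedirect).open(url, timeout=5) as r:
        ctype, body = r.headers.get_content_type(), r.read(MAX_BYTES + 1)
    if not ctype.startswith("image/") or len(body) > MAX_BYTES:
        raise ValueError("not an acceptable image")
    return ctype, body  # re-served from the site's own origin
```

Signing the URL keeps the endpoint from acting as an open proxy: only URLs the site itself wrote into a post will be fetched.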