
Security vulnerability: Linked media from untrusted websites


Posts: 15

I noticed that apparently users can grab people's IPs by linking a photo here:

Posted Image

because it links to another website. Nobody even needs to press any links. You can verify that it works here: iplogger.org [slash] logger [slash] wXbB39Ov09sH

I also noticed that the linked media can run untrusted scripts from external webpages. For example, if I link a YouTube video like this:

it tries to run scripts from the following websites:

…sociopathcommunity.com
…doubleclick.net
…google.com
…googletagmanager.com
…googlevideo.com
…gstatic.com
…jnn-pa.googleapis.com
…youtube.com

Couldn't someone link mirrored media here from their own phishing website that runs their own JavaScript that can be used to dox or grab cookies from people if they don't have a NoScript extension on their browser?

last edit on 3/26/2023 3:13:49 PM
Posts: 2866
0 votes RE: Security vulnerability: Linked media from untrusted websites

No, because you can't embed random websites.

edit: and images don't run scripts

Cheery bye!
last edit on 3/26/2023 3:22:40 PM
Posts: 15
0 votes RE: Security vulnerability: Linked media from untrusted websites
Good said: 

No, because you can't embed random websites.

edit: and images don't run scripts

Can I give it a try?

The IP grabbing does seem to work with images. You can see all the IPs and browser versions of everyone who visits this topic. They don't even need to press any links.

Example IPs:



last edit on 3/26/2023 4:25:44 PM
Posts: 523
0 votes RE: Security vulnerability: Linked media from untrusted websites

Would the movie video stream have a vulnerability like this?

The blood on my hands covered the holes
Posts: 523
0 votes RE: Security vulnerability: Linked media from untrusted websites

 

Accuracy: ip
3/26/23
3:13:45 PM
162.247.74.27
The Calyx Institute
United StatesNew York
Windows
Firefox
https://sociopathcommunity.com/
More info

The first several pages of hits are all from this one.

According to their website

Our mission is to educate the public about privacy in digital communications and to develop tools that anyone can use. By embracing "privacy by design," we help make digital security and privacy more accessible to everyone.

 Is this thread a dox- interactive Ad?

The blood on my hands covered the holes
Posts: 117
0 votes RE: Security vulnerability: Linked media from untrusted websites

Would the movie video stream have a vulnerability like this?

 Everything has a vulnerability. You’re better off entirely offline. And endangering those closest to you. 

SC is dead
Posts: 2866
0 votes RE: Security vulnerability: Linked media from untrusted websites

The IP grabbing does not run scripts.

When you load the image, you have to send a request to the image host site. When you send a request to any website you have to send them your IP, so the site knows whom to reply to. And when you send your IP to a server, it is available for viewing by that server.

I am not sure if you even can get an IP with a script, maybe, but it's unnecessary, you just need the HTTP request.

Would the movie video stream have a vulnerability like this?

Yes, that's why only admins/mods can access it.

edit: IPs are public information IMO, and by the law too I believe, I forgot for sure tho.

Cheery bye!
last edit on 3/26/2023 4:48:35 PM
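
The mechanism described in the post above (the reader's browser requests the embedded image from the third-party host, which then sees the reader's IP) is commonly closed on the forum side by routing off-site images through a same-origin proxy. The following is an added example, not code from this forum or from any poster; `forum.example`, `/imgproxy`, the key and every function name are assumptions.

```python
import hashlib
import hmac
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urlsplit

FORUM_HOST = "forum.example"         # assumption: the forum's own hostname
PROXY_PATH = "/imgproxy"             # assumption: same-origin fetch endpoint
PROXY_KEY = b"constructed-demo-key"  # assumption: secret held by the server
SAMPLE_POST = '<img src="https://tracker.example/p.png"> <img src="/up/a.png">'  # constructed

def sign(url):
    return hmac.new(PROXY_KEY, url.encode(), hashlib.sha256).hexdigest()

def signature_ok(sig, url):  # proxy side: fetch only URLs the forum signed
    return hmac.compare_digest(sig, sign(url))

def is_offsite(url):
    # Browsers strip whitespace and read "\" as "/" in http(s) URLs.
    p = urlsplit(url.strip().replace("\\", "/"))
    onsite_abs = p.scheme in ("", "http", "https") and p.hostname == FORUM_HOST
    return bool(p.scheme or p.netloc) and not onsite_abs

class ImgRewriter(HTMLParser):
    """Re-emit post HTML with off-site <img src> routed through the proxy."""
    def __init__(self):
        super().__init__()
        self.out, self.rewritten = [], []
    def handle_starttag(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            if tag == "img" and name == "srcset":
                continue  # dropped: srcset candidates would bypass the rewrite
            if tag == "img" and name == "src" and value and is_offsite(value):
                self.rewritten.append(value)
                value = f"{PROXY_PATH}/{sign(value)}?url={quote(value, safe='')}"
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + ">")
    handle_startendtag = handle_starttag
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def rewrite_post(html_text):
    parser = ImgRewriter()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.rewritten
```

With this in place the third-party host only ever sees the forum server's address. The sketch covers `<img>` only and assumes the post HTML has already been through the forum's sanitiser.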
Posts: 2866
0 votes RE: Security vulnerability: Linked media from untrusted websites

Oh and you can try to run an offsite script.

Cheery bye!
Posts: 117
0 votes RE: Security vulnerability: Linked media from untrusted websites

good seems gullible enough to fall for this.

SC is dead