Avoid imgur

Takeguru
Joined: Wed May 07, 2014 5:20 pm
Byond Username: TakeGuru

Avoid imgur

Post by Takeguru » #120311

Exploit discovered: it allows images to have JavaScript appended to them.

Right now, the guy who's using it is targeting 8chan, but it can be used for more malicious purposes.

Check /g/ for more info, I'm basically just a messenger and am too stupid to really understand the nuances of what it entails

NoScript and similar extensions basically shut it down, but if you haven't already you should probably delete Flash from your machine.
ExplosiveCrate
Joined: Fri Apr 18, 2014 8:04 pm
Byond Username: ExplosiveCrate

Re: Avoid imgur

Post by ExplosiveCrate » #120317

Fucking *Bui* of all people? Holy shit, I'm dying over here.
I don't even know what the context for my signature was
Takeguru
Joined: Wed May 07, 2014 5:20 pm
Byond Username: TakeGuru

Re: Avoid imgur

Post by Takeguru » #120319

It's probably not Bui

He doesn't seem the kind of person capable of it, because apparently the code being used is pretty fucking clever.

Or his act is the perfect cover, who knows
Ricotez
Joined: Thu Apr 17, 2014 9:21 pm
Byond Username: Ricotez
Location: The Netherlands

Re: Avoid imgur

Post by Ricotez » #120355

Do browsers detect these attacks as XSS attacks? Because that would explain why I sometimes randomly get pop-ups about XSS blocks when I'm browsing something heavy on images.
MimicFaux wrote:I remember my first time, full of wonderment and excitement playing this game I had heard so many stories about.
on the arrival shuttle, I saw the iconic toolbox on the ground. I clubbed myself in the head with it trying to figure out the controls.
Setting the tool box, now bloodied, back on the table; I went to heal myself with a medkit. I clubbed myself in the head with that too.
I've come a long ways from asking how to switch hands.
#coderbus wrote:<MrPerson> How many coders does it take to make a lightbulb? Three, one to make it, one to pull the pull request, and one to fix the bugs
Kor wrote:The lifeweb playerbase is primarily old server 2 players, so technically it's our cancer that invaded them
peoplearestrange wrote:Scared of shadows whispers in their final breath, "/tg/station... goes on the tabl..."
DemonFiren wrote:Please, an Engineer's first response to a problem is "throw it into the singulo".
tedward1337 wrote:Donald Trump is literally what /pol/ would look like as a person
CrunchyCHEEZIT wrote:why does everything on this server have to be a federal fucking issue.
Saegrimr wrote:One guy was running around popping hand tele portals down in the halls before OPs even showed up and got several stranded out on lavaland.
The HoP just toolboxes someone to death out of nowhere, then gets speared by a chemist who saw him murder a guy, then the chemist gets beaten to death because someone else saw him kill the HoP.
Tele-man somehow dies and gets its looted by an atmos tech who managed to use it to send two nuke ops to lavaland, who were then surrounded by several very angry people from earlier and some extra golems on top of it.
Captain dies, gets cloned/revived, lasers the guy holding the disk into crit to take it back.
Some idiot tries to welderbomb the AI hiding out at mining for no discernible reason.
Two permabans and a dayban, I'm expecting a snarky appeal from one of them soon. What the fuck.
ShadowDimentio wrote:I am the problem
Saegrimr
Joined: Thu Jul 24, 2014 4:39 pm
Byond Username: Saegrimr

Re: Avoid imgur

Post by Saegrimr » #120505

tl;dr
Imgur allowed someone to upload an HTML page instead of an actual image. The "direct link" to the image, like /whatever.jpg, actually sends you to that HTML page.
The page has the image you were hoping to see on it (in hopes of looking legit), except it's usually not properly aligned or resized, or doesn't have the correct background color. If you've noticed any of that on images, congrats, you were affected. It also disguised itself to load the proper direct image link after it's already infected you, so you'll only see the odd image load once.
The exploit loaded a Flash object off screen, which then saved some sneaky scripts into your localStorage.

Fortunately, the person who did this is an autist and instead of doing any actual real damage, it was made to do -something- to 8chan servers. The problem here is it still allows arbitrary code execution because imgur was retarded.

TO REMOVE IT:
Clear your cache and localStorage. There's plenty of guides on Google for whatever specific browser you use to clear it. If you use Firefox, the Foundstone HTML5 Local Storage plugin works great for just nuking the entire thing. Worst case scenario is you have to log back in to whatever websites you have remembering your logins, and redo local page display settings. Alternatively, if you have CCleaner, just use that.

Uninstall/disable Flash. That's the method of delivery, and once again Flash is responsible for retarded exploits. If you absolutely need Flash for something (remember, YouTube has an HTML5 player), there are settings to have Flash ASK YOU if you want to run the plugin on a specific page when you load the page.

Use NoScript, it takes measures against XSS exploits.

The affected sites (8chan/imgur) have claimed to have fixed the issue, but that doesn't help the people who were already affected.
tedward1337 wrote:Sae is like the racist grandad who everyone laughs at for being racist, but deep down we all know he's right.
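The core of what Saegrimr describes is a content/type mismatch: a URL that ends in ".jpg" and is supposed to be a direct image link, but the bytes that come back are an HTML document carrying a Flash object. That mismatch is easy to check for offline. The following is an added example, not code from the thread or from imgur: it takes a URL, the declared Content-Type and the response body, and reports every way the three disagree. All sample bodies and URLs below are constructed for the example; `example.invalid` is a placeholder host.

```python
"""Check whether a response that claims to be an image is actually an image.

Added example (not from the forum thread). It models the pattern described
in the post above: a ".jpg" direct link whose body is really an HTML page
embedding a Flash object.
"""
from typing import List, Optional

# Magic-byte prefixes for the image formats this check understands.
IMAGE_MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_TO_FMT = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}
# Markup that never appears in the first KiB of a real raster image.
HTML_MARKERS = (b"<!doctype html", b"<html", b"<script", b"<object",
                b"<embed", b"<iframe")
FLASH_MARKERS = (b"application/x-shockwave-flash", b".swf")


def sniff_image(body: bytes) -> Optional[str]:
    """Return the image format implied by the leading bytes, or None."""
    head = body[:16]
    for fmt, magics in IMAGE_MAGIC.items():
        if any(head.startswith(m) for m in magics):
            return fmt
    return None


def looks_like_html(body: bytes) -> bool:
    """True if the first KiB contains markup an image would never carry."""
    head = body[:1024].lower()
    return any(marker in head for marker in HTML_MARKERS)


def url_extension(url: str) -> str:
    """Lower-cased extension of the last path segment, ignoring query/fragment."""
    path = url.split("?", 1)[0].split("#", 1)[0]
    last = path.rsplit("/", 1)[-1]
    return last.rsplit(".", 1)[-1].lower() if "." in last else ""


def check_image_response(url: str, content_type: str, body: bytes) -> List[str]:
    """Return a list of findings; an empty list means the response is consistent."""
    findings: List[str] = []
    ctype = content_type.split(";", 1)[0].strip().lower()
    fmt = sniff_image(body)
    expected = EXT_TO_FMT.get(url_extension(url))

    if not ctype.startswith("image/"):
        findings.append(f"Content-Type is {ctype!r}, not image/*")
    if fmt is None:
        findings.append("body does not start with JPEG/PNG/GIF magic bytes")
    elif expected and fmt != expected:
        findings.append(f"URL extension implies {expected} but bytes are {fmt}")
    if looks_like_html(body):
        findings.append("body contains HTML markup")
        if any(m in body.lower() for m in FLASH_MARKERS):
            findings.append("HTML embeds a Flash object")
    return findings


# --- constructed sample responses (not real imgur traffic) -------------------
GOOD_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
FAKE_IMAGE_PAGE = (
    b"<!DOCTYPE html><html><body>"
    b"<img src='https://example.invalid/cat.jpg'>"
    b"<object type='application/x-shockwave-flash' data='payload.swf'></object>"
    b"</body></html>"
)


def run_samples() -> dict:
    """Run the check over the constructed samples; keyed by a short label."""
    return {
        "real jpeg": check_image_response(
            "https://example.invalid/cat.jpg", "image/jpeg", GOOD_JPEG),
        "png under .jpg": check_image_response(
            "https://example.invalid/cat.jpg", "image/jpeg", PNG_BYTES),
        "html under .jpg": check_image_response(
            "https://example.invalid/cat.jpg", "text/html; charset=utf-8",
            FAKE_IMAGE_PAGE),
    }


if __name__ == "__main__":
    for label, findings in run_samples().items():
        print(f"{label}: {findings or 'OK'}")
```

The "png under .jpg" case is included on purpose: a format mismatch alone is common and harmless (hosts recompress or mislabel images all the time), so a single finding is a note, while a body with no image magic plus HTML markup plus a Flash embed is the combination worth alerting on. The same three checks can be run from a proxy log or a browser extension against live responses; the magic-byte and HTML-marker tests do not depend on the server's own headers, which is the point, since the headers were part of what lied here.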
oranges
Code Maintainer
Joined: Tue Apr 15, 2014 9:16 pm
Byond Username: Optimumtact
Github Username: optimumtact
Location: #CHATSHITGETBANGED

Re: Avoid imgur

Post by oranges » #121686

That's a browser setting. In Firefox you can set it in about:addons: set Flash to "always ask" (NB you can tell it to remember the setting on sites like YouTube or your favourite porn site).