
Sitestats.gif



There's this certain site I love, but I'm in a little trouble with the webmaster now… I found this script at the bottom of the page:

```html
<!-- The paste starts inside the first version-detection block; its opening tag is assumed to follow the pattern of the blocks below. -->
<script language=Javascript><!--
 var jv=1.0;
//--></script>
<script language=Javascript1.1><!--
 jv=1.1;
//--></script>
<script language=Javascript1.2><!--
 jv=1.2;
//--></script>
<script language=Javascript1.3><!--
 jv=1.3;
//--></script>
<script language=Javascript1.4><!--
 jv=1.4;
//--></script>
<script><!--
 // Each block above only runs in a browser that supports that JavaScript
 // version, so jv ends up holding the highest version the browser accepted.
 function SiteStats_7134(){
  var t=new Date();
  var o='o='+t.getTimezoneOffset()+';';                 // timezone offset, minutes from UTC
  t=t.getTime();
  var isNN4=(document.layers)?true:false;               // Netscape 4
  var isCSS=(document.all)?true:false;                  // Internet Explorer
  var t='t='+t+';';                                     // request time, ms since epoch
  var b='b='+(isCSS?(document.body.clientWidth+'x'+document.body.clientHeight):isNN4?(innerWidth+'x'+innerHeight):'')+';';  // window size
  var s='s='+(isCSS||isNN4?(screen.width+'x'+screen.height):'')+';';                          // screen size
  var c='c='+(isCSS||isNN4?screen.colorDepth :'')+';';                                         // colour depth
  var j='j='+jv+';'                                     // JavaScript version
  var p='p='+escape(location.href)+';';                 // page being viewed
  var r='r='+escape(document.referrer)+';';             // where the visitor came from
  var u='http://www.thatwebsite.com/cgi-bin/sitestats.gif?'+t+b+s+c+j+o+p+r;
  // 1x1 image: the request itself is the log entry (the server also sees the client IP).
  document.write('<img src='+u+' width=1 height=1 style="position:absolute">');
  // On leaving the page, request the same URL again with e=<time> appended.
  var f='var e=new Date();e=e.getTime();var I=new Image(1,1);I.src="'+u+'e="+e+";";';
  window.onunload=new Function(f);
  setTimeout('alive_7134("'+u+'")',0x249F0);            // 0x249F0 = 150000 ms = 2.5 minutes
 }
 // Keep-alive: re-requests the pixel with alive=1 every 2.5 minutes while the page stays open.
 function alive_7134(u){
  var e=new Date();var I=new Image(1,1); I.src=u+'alive=1;t='+e.getTime(); setTimeout('alive_7134("'+u+'")',0x249F0);
 }
 SiteStats_7134();
//--></script>
<noscript><img src=http://www.thatwebsite.com/cgi-bin/sitestats.gif?p=http%3A%2F%2Fwww.thatwebsite.com%2Ffolder%2Fpage.htm;r=http%3A%2F%2Fwww.thatwebsite.com%2Ffolder%2F; width=1 height=1></noscript>
```

What it seemed to do is log the page I'm viewing, and probably also my IP. So, for fun, I tried to add a message to the logs in the form of a URL by going to http://www.thatwebsite.com/cgi-bin/sitestats.gif?p=INSERT%20MY%20MESSAGE%20HERE

Now, the webmaster reports that he can no longer view the IP addresses of individual users on his site from his site stats page. Could this truly have been a direct result of my injection? Because I now notice I forgot to add a value for the variable r... But any piece of code that can fall apart by an injection with one missing value, or maybe mention of a non-existent page, shouldn't be used anyways, correct?

EDIT: Never mind. One way or another, the webmaster resolved it.
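The question the post ends on (should a stats collector fall over because one field is missing from a request?) as an added example. This is not code from the thread and not thatwebsite.com's CGI, which the thread never shows. It models a server-side collector parsing the query string that the posted sitestats.gif script emits: the field names t, b, s, c, j, o, p, r and the trailing e= and alive= beacons are taken from the script; the positional parser, the validation rules, the log line layout and the sample address 203.0.113.5 are assumptions made for illustration. Whether the real CGI failed in this way is not established by the thread.

```javascript
// Added example, not code from the thread or from thatwebsite.com's CGI.
// Query string format emitted by the posted script (field names from the script):
//   t=<ms>;b=<WxH>;s=<WxH>;c=<depth>;j=<jsver>;o=<tzmin>;p=<url>;r=<referrer>;
// followed by "e=<ms>;" on unload or "alive=1;t=<ms>" from the keep-alive timer.
// The parsers, validation rules, log layout and sample data below are assumed.

// How the client side assembles the beacon (same fixed order as the script).
function buildBeacon(fields) {
  const order = ["t", "b", "s", "c", "j", "o", "p", "r"];
  return order.map((k) => `${k}=${fields[k]}`).join(";") + ";";
}

// A fragile collector: fields are read by position and all eight are assumed
// present. Anyone can request the pixel URL by hand with any query string, so a
// request like the hand-typed "?p=..." from the post lands the message in the
// wrong field and makes the parser throw. A report script that dies on one such
// log line shows nothing for the records that follow it.
function parseFragile(query) {
  const v = query.split(";").map((pair) => pair.split("=")[1]);
  const rec = { t: v[0], b: v[1], s: v[2], c: v[3], j: v[4], o: v[5], p: v[6], r: v[7] };
  // The script encodes p and r with the legacy escape(), so decode with unescape().
  rec.p = unescape(rec.p);
  rec.r = unescape(rec.r);
  rec.referrerHost = new URL(rec.r).host; // throws when r is missing or not a URL
  return rec;
}

function runFragile(query) {
  try {
    return { ok: true, rec: parseFragile(query) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// A tolerant collector: every field is optional and untrusted. Each value is
// decoded, checked against an allow-pattern for its key, and anything that fails
// is kept aside in bounded form instead of aborting the whole parse.
const RULES = {
  t: /^\d{1,16}$/,                  // epoch milliseconds
  b: /^(\d{1,5}x\d{1,5})?$/,        // window size, empty on unknown browsers
  s: /^(\d{1,5}x\d{1,5})?$/,        // screen size, empty on unknown browsers
  c: /^\d{0,3}$/,                   // colour depth
  j: /^\d\.\d$/,                    // highest JavaScript version that ran
  o: /^-?\d{1,4}$/,                 // timezone offset in minutes
  p: /^https?:\/\/\S{1,2000}$/,     // page URL: required, no whitespace
  r: /^(https?:\/\/\S{1,2000})?$/,  // referrer: legitimately empty on direct visits
  e: /^\d{1,16}$/,                  // unload timestamp
  alive: /^1$/,                     // keep-alive flag
};

function parseTolerant(query, remoteAddr) {
  // Null-prototype objects: attacker-chosen keys such as "constructor" cannot
  // resolve through Object.prototype.
  const rec = { ip: remoteAddr, fields: Object.create(null), rejected: Object.create(null), malformed: [] };
  for (const pair of query.split(";")) {
    if (pair === "") continue;                      // the trailing ';' leaves an empty piece
    const eq = pair.indexOf("=");
    if (eq < 0) { rec.malformed.push(pair.slice(0, 64)); continue; }
    const key = pair.slice(0, eq);
    const value = unescape(pair.slice(eq + 1));     // decode every value, the URL is typed by anyone
    if (Object.prototype.hasOwnProperty.call(RULES, key) && RULES[key].test(value)) {
      rec.fields[key] = value;                      // a repeated key (t in the alive beacon) overwrites
    } else {
      rec.rejected[key.slice(0, 16)] = value.slice(0, 200);
    }
  }
  return rec;
}

// One log line per request. Control characters are replaced so a crafted value
// cannot forge an extra line or a terminal escape in the log file.
function formatLogLine(rec) {
  const clean = (s) => s.replace(/[\x00-\x1f\x7f]/g, "?");
  const f = rec.fields;
  return [rec.ip, f.t || "-", f.p || "-", f.r || "-", f.b || "-"].map(clean).join(" ");
}

// Constructed sample requests (not real traffic).
const NORMAL = buildBeacon({
  t: 1000000000000, b: "1024x700", s: "1280x1024", c: 32, j: 1.4, o: -60,
  p: escape("http://www.thatwebsite.com/folder/page.htm"),
  r: escape("http://www.thatwebsite.com/folder/"),
});
const INJECTED = "p=INSERT%20MY%20MESSAGE%20HERE";   // the hand-typed request from the post
const SAMPLE_IP = "203.0.113.5";                      // documentation address, assumed

function demo() {
  return {
    fragileNormal: runFragile(NORMAL).ok,                         // true
    fragileInjected: runFragile(INJECTED).ok,                     // false: TypeError on the missing r
    tolerantInjected: formatLogLine(parseTolerant(INJECTED, SAMPLE_IP)), // "203.0.113.5 - - - -"
  };
}
```

The tolerant parser still records the IP for the hand-typed request; the message itself ends up in `rejected.p` where it can be reviewed, and the report never depends on a particular field being present. The `hasOwnProperty` check matters because a plain `RULES[key]` lookup with `key` set to `constructor` would return `Object` and then fail on `.test`, which is another way a single crafted request can take down a parser.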