Users browsing this thread: 1 Guest(s)
JavaScript -> Auto-updating Image
#10
(11-08-2013, 01:15 PM)PatientZero Wrote: If I'm understanding you right, and this is more for my own personal reference here (haven't used php in a few years now), are you saying that by setting the header to treat the file like an image and just "repeating" the data from the image via PHP you can then reference that directly wherever you'd reference the original image?
That's roughly what I was considering with this problem but I wasn't sure about the process or specific syntax for "pretend to be this picture".

[jargon]

Also I'm a big dummy and hadn't even considered the security issue of allowing arbitrary code to be run that way, which is stupid because I know I've actually exploited that loophole myself more than a few times.

I'd be interested in seeing the code for it myself if/when you can put something together, it's an interestingly convoluted problem from my perspective and I'm always down with learning how magic tricks are done.
PHP has a library called GD that allows it to 'draw' images and provide this as output instead of say, a HTML page (as we're used to). It can also copy parts of other images into the image it is creating before serving it. It's a pretty simple process, but you can just serve other images as this specific 'image'. The header magic only really matters when you try to download the file, considering the OS will treat a "php" file as text even though it might be a PNG image. Using PHP to serve images allows you to programmatically define what the image is, which can be handy for dynamic sigs Smile

The fun (for the web dev, at least!) part is when you use the dynamic powers of PHP to define other files! Using code to write code Ninja
I wanted to use a PHP file to generate dynamic CSS at one point for a day/night transition depending on when you visit the site, but :effort:

From the client's HTML side though, the extension of the 'image' doesn't really matter as long as the server sends an image; file extensions of URLs only really matter to the web server, as it needs to handle the files a specific way when a client accesses the URL. This is why arbitrary PHP execution exploits can happen when configuration files are .php files (since the programmer naively thinks that this is a good way to prevent leakage of sensitive information within config files. They should use .htaccess or something)

Haha :v
I've never used Javascript in that way, I've only dealt with things like SQL Injection and arbitrary PHP execution vulns (those are fun though).
Thanked by: PatientZero, puggsoy


Messages In This Thread
JavaScript -> Auto-updating Image - by puggsoy - 11-06-2013, 03:51 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-08-2013, 10:58 AM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-08-2013, 04:28 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-08-2013, 02:38 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-08-2013, 08:48 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-09-2013, 07:18 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-09-2013, 10:32 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-09-2013, 10:56 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-09-2013, 11:16 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-10-2013, 01:38 AM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-10-2013, 10:58 AM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-10-2013, 03:04 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-10-2013, 06:37 PM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-11-2013, 02:03 AM
RE: JavaScript -> Auto-updating Image - by Phaze - 11-11-2013, 07:16 PM

Forum Jump: