How to prevent such attacks when offering image upload service? #1
Comments
One option to prevent this kind of attack is to use a tool to prevent generic Canvas Fingerprinting, that is, preventing or alerting the user about JavaScript code reading the content of a canvas.
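A sketch of the alerting approach described in the comment above, as an added example that is not part of the thread or of the project's code: it wraps the standard canvas read methods (`getImageData`, `toDataURL`, `toBlob`) so that each read is reported to a callback, which can also block it. The names `READ_APIS`, `instrumentRead` and `installCanvasGuard` are hypothetical.

```javascript
// Added example: wrap canvas pixel-read APIs so every read is reported.
// READ_APIS lists the standard methods that return canvas pixel data.
const READ_APIS = {
  CanvasRenderingContext2D: ["getImageData"],
  HTMLCanvasElement: ["toDataURL", "toBlob"],
};

// Replace proto[name] with a wrapper that calls onRead first.
// If onRead returns false, the read is blocked (throws) instead of forwarded.
function instrumentRead(proto, name, label, onRead) {
  const original = proto[name];
  if (typeof original !== "function" || original.__canvasGuard) return false;
  const wrapped = function (...args) {
    const event = { api: `${label}.${name}`, args, stack: new Error().stack };
    if (onRead(event) === false) {
      throw new Error(`canvas read blocked: ${event.api}`);
    }
    return original.apply(this, args);
  };
  wrapped.__canvasGuard = true; // marker that prevents double wrapping
  proto[name] = wrapped;
  return true;
}

// Install on every read API found in `scope` (window in a browser).
// Returns the list of APIs that were actually wrapped.
function installCanvasGuard(scope, onRead) {
  const installed = [];
  for (const [ctor, methods] of Object.entries(READ_APIS)) {
    const proto = scope[ctor] && scope[ctor].prototype;
    if (!proto) continue;
    for (const m of methods) {
      if (instrumentRead(proto, m, ctor, onRead)) installed.push(`${ctor}.${m}`);
    }
  }
  return installed;
}

// Browser usage: log every read with its call stack, block none.
if (typeof window !== "undefined") {
  installCanvasGuard(window, (e) => console.warn("canvas read:", e.api, e.stack));
}
```

The wrapper only sees reads made after it is installed, so it has to run before any page script, and a freshly created iframe exposes unwrapped prototypes; treat it as an alerting aid rather than a hard control.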
Still working on recent browsers?
@x0uter good question, I can run some tests to check that
It was great, because I cannot run it. I don't know if I'm doing anything wrong, or recent browsers block it. Thanks @expobrain
Hi, @expobrain! First of all, thank you so much for the interesting article and awesome example! Have you tried to run it on the latest version of Chrome/Firefox? Also, as I understand, to execute code, I have to write a script which you mentioned? If yes, then how to write self-executable code?
Hi @IgorSasovets, yes, I tested it and it is still working. If you want to hide your code in a PNG you can just use my sources out of the box, you don't need to write anything, maybe just minimise and uglify the JS loader. However, you can write your own packer and loader to use a different file format like JPG, GIF, WEBP, you name it, the concept is still the same.
Thanks for the quick response) I will play with it)
I tested it in the latest Firefox and all works as expected) But in Chrome I got an error:
Seems that it's blocked due to CORS requests policy. Can you please tell me how to solve this issue?
@IgorSasovets I reckon the issue is that you are loading the If you run
Hi, @expobrain! Sorry for the late response. I tried your approach and now it works! Thank you for the support!)
No description provided.