|
-
Jan 31st, 2002, 12:21 PM
#1
Thread Starter
Member
Using a .gif extention for a file with javascripts in it.
here's an odd post... I was building a tracking system to track hits to a website and was looking at another company's tracker to get some insite. What I discoverd was very odd.
The way they work is they give users a javascript code to paste into their page. This code gets the info from the viewer (browser, screen size, etc) and document writes an image link to an image on thier server, but heres the odd part... the image link has a query string on the image name with the info it received from the user's system. ie:
document.write = '<img src="www.server.com/fake.gif?sres=' + sres + '&browser=' +brow + ' " height="1" width="1">
like that (but formatted correctly...im just throwing it out there to give an idea. I built a page with nothing but a javascript alert and then renamed it .gif and it will exicute the javascript, but my test concluded that the trick will not work on asp. I did however make a javescript redirect to an asp page and named it .gif and that worked.
My main question is how are they adding the info from the query string into the database (the user never sees anything)...
sorry if i am unclear but i was interuppted in the middle of this post and hope i covered it all . also, is this an old trick i have never heard of?
thanks in advance,
Michael
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|