I've heard from a friend that the WWW-Authenticate header can be explicitly defined within a malicious php file on a remote server and use an image mimetype e.g. image/jpeg or image/png.
Hypothetical Situation
Say this file is malicious.com/image.php and I add this image to my forum signature on some arbitrary forum. Specifically, gaiaonline.com. When another visitor visits a thread with my post on it, they'll see the login prompt given by the WWW-Authenticate header. After the visitor/victim has input their username/password, the hacker can store it on their remote server, email it to themselves, etc.
Malicious code: <img src="malicious.com/image.php" /> containing WWW-A开发者_StackOverflow社区uthenticate header. Can be input through standard posting/BBcode.
How can this be fixed? I would think that a cross-domain access is available for this.
It can't be "fixed" except by disallowing any external images (e.g. by proxying them through your server so users never hit the real URL).
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论