DEFCON XV, Las Vegas NV, Aug 2007
“The Executable Image Exploit”
The “Executable Image Exploit” lets you insert a dynamic program into any community website that allows references to off-domain images, like MySpace or eBay. By uploading the following line of HTML to a community website, <img src="http://www.mydomain.com/executable.jpg"> you can launch a dynamic program that masquerades as a static image and is capable of reading and writing cookies, analyzing referrer (and other browser) variables and accessing databases. It is even possible to create an image that causes a
Quote from the DEFCON XV program
This lecture described how to disguise computer programs as online images that may be used to gather specific metrics. I also talked about how these methods were used to help a Private Investigator track an online stalker.
You can watch Michael Schrenk's DEFCON 15 talk here.
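A site-side mitigation for the off-domain image reference described in the program quote, as an added example that is not code from the talk or its author: user-submitted HTML is re-emitted with every off-domain <img> source routed through a same-origin proxy, so the remote program never receives the viewer's cookies or Referer. The host name community.example, the /imgproxy endpoint (assumed to fetch images without forwarding viewer headers) and the assumption that the input has already passed the site's tag allow-list (no script or style elements) are all hypothetical.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urlsplit

SITE_HOST = "community.example"  # assumption: host that serves the user pages
PROXY = "/imgproxy?u="           # hypothetical same-origin image proxy endpoint


def is_off_domain(src):
    """True when a browser would fetch src from a host other than SITE_HOST."""
    # Browsers treat backslashes as slashes, so normalise before parsing.
    host = urlsplit(src.strip().replace("\\", "/")).hostname
    return host is not None and host.lower() != SITE_HOST


class ImgRewriter(HTMLParser):
    """Re-emit user HTML with off-domain <img> sources routed through PROXY."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.flagged = [], []

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:
            if tag == "img" and name == "srcset":
                continue  # srcset carries more URLs; drop it rather than parse it
            if tag == "img" and name == "src" and value and is_off_domain(value):
                self.flagged.append(value)
                value = PROXY + quote(value, safe="")
            kept.append(' %s="%s"' % (name, escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    handle_startendtag = handle_starttag  # <img ... /> is emitted as <img ...>

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def rewrite(user_html):
    """Return (rewritten_html, list_of_off_domain_image_urls)."""
    parser = ImgRewriter()
    parser.feed(user_html)
    parser.close()
    return "".join(parser.out), parser.flagged


# Constructed sample: the <img> line from the talk abstract plus a local avatar.
SAMPLE = ('<p>Hi &amp; bye</p><img src="http://www.mydomain.com/executable.jpg">'
          '<img src="/avatars/7.png" alt="me">')
if __name__ == "__main__":
    print(rewrite(SAMPLE))
```

The flagged list gives moderators a record of which posts referenced external images; HTML comments and doctype declarations are dropped on re-emission.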