Hello MPGH!
Recently I found a way to leak IP addresses of the MPGH users and here is my proof of work.
I'm also providing a quick and easy fix for the staff members.
Let's start with how MPGH handles user images and signatures.
It simply includes the image directly in the HTML (no CDN, no proxy, just a direct connection from the reader's browser to the image host).
There is nothing bad in this by itself, but I found a smart way of matching the request with the MPGH username.
Every request for the image sends the referrer (Referer) header containing the URL of the page the file is loaded from.
Knowing this, you can create a bot which checks the Who's Online page (https://www.mpgh.net/forum/online.php) and looks for people who are viewing our XYZ thread, the one the image has been loaded from.
For optimal performance you can sort the list by the "Last Activity" column by adding the ?sort=time parameter.
The last step is to include the dummy image in your signature or thread and gather the data.
Data which you can gather using this method:
* Thread id
* Time
* User id
* Username
* IP address
* Country
* Browser used
And here goes my proof of work:
How efficient is it?
By running the bot for 3 days I was able to dump ~2000 users multiple times (25.000 requests).
How effective is it?
Sometimes you get false results, so in order to make them more trustworthy you should dump a user at least 3-4 times.
Success rate is around 80%.
How to fix it (easy way)
Add a Referrer-Policy header to the server response; it restricts what the client is allowed to send inside the referrer.
I suggest using strict-origin-when-cross-origin.
Read more here:
https://developer.mozilla.org/en-US/...eferrer-Policy
* Note: it will still be possible to gather data using Who's Online, but the success rate will fall to around 10%.
* Note 2: for a full fix I'd suggest disabling the Who's Online feature for normal users.
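Before picking a value for the header, it helps to see exactly what each one makes the browser put in the Referer header. The Python model below is an added example (not part of the original post and not MPGH's code); it implements the policy table from the Referrer Policy specification for the standard policy values. The thread URL and the image host used in it are constructed placeholders. `exposes_page` returns True when the image host can still read which page (thread) the request came from.

```python
# Added example (not from the original post): a model of the Referer value a
# browser sends under each Referrer-Policy value, following the policy table of
# the Referrer Policy specification, so the effect of the fix can be checked offline.
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
)

def _host_port(url: str) -> str:
    """host[:port] with the scheme's default port dropped so origins compare equal."""
    p = urlsplit(url)
    host = p.hostname or ""
    if p.port is None or (p.scheme, p.port) in (("https", 443), ("http", 80)):
        return host
    return f"{host}:{p.port}"

def origin_only(url: str) -> str:
    """Referrer stripped to its origin: scheme://host[:port]/ (path, query, fragment gone)."""
    return f"{urlsplit(url).scheme}://{_host_port(url)}/"

def full_referrer(url: str) -> str:
    """The most a browser ever sends: credentials and fragment are always removed."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, _host_port(url), p.path or "/", p.query, ""))

def same_origin(a: str, b: str) -> bool:
    return origin_only(a) == origin_only(b)

def is_downgrade(referrer: str, destination: str) -> bool:
    """True when a TLS-protected page would leak its URL to a non-TLS destination."""
    return urlsplit(referrer).scheme == "https" and urlsplit(destination).scheme != "https"

def referer_sent(policy: str, referrer: str, destination: str) -> Optional[str]:
    """Referer header value for a request from page `referrer` to `destination`,
    or None when the browser sends no header at all."""
    if policy not in POLICIES:
        raise ValueError(f"unknown Referrer-Policy: {policy}")
    same = same_origin(referrer, destination)
    downgrade = is_downgrade(referrer, destination)
    full, origin = full_referrer(referrer), origin_only(referrer)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "origin":
        return origin
    if policy == "origin-when-cross-origin":
        return full if same else origin
    if policy == "same-origin":
        return full if same else None
    if policy == "strict-origin":
        return None if downgrade else origin
    # strict-origin-when-cross-origin: full URL only to the same origin, bare origin
    # to other HTTPS sites, nothing at all on a TLS-to-plaintext downgrade.
    if same:
        return full
    return None if downgrade else origin

def exposes_page(policy: str, referrer: str, destination: str) -> bool:
    """Does the (third-party) image host learn which page was being viewed?"""
    sent = referer_sent(policy, referrer, destination)
    return sent is not None and sent != origin_only(referrer)

if __name__ == "__main__":
    page = "https://www.mpgh.net/forum/showthread.php?t=123456"  # constructed thread URL
    img = "https://images.example.invalid/pixel.png"            # constructed image host
    for pol in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin"):
        print(f"{pol:32} -> {referer_sent(pol, page, img)}  exposes page: {exposes_page(pol, page, img)}")
```

Under the suggested strict-origin-when-cross-origin value, an image loaded from another host only ever sees `https://www.mpgh.net/`, so the thread can no longer be read out of the header. Images hosted on the forum's own origin still receive the full URL, which is fine because that origin already knows what it served; the remaining signal is the Who's Online page itself, which is what the two notes above are about.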
How to fix it (hard way)
Create a CDN/proxy server and route all media requests through it, so the reader's browser never connects to the third-party image host directly.
Final words
Please don't ban me lmao. This data is available for everyone anyways and I'm just showing the problem so it can be fixed quickly :3
Also I want to show that you are not safe on the internet without VPN even if you visit trusted sites only.
Also please consider switching to Tor
https://www.torproject.org/ <3
Donate for my small research and for making MPGH a safer place for all of us?
BTC: 1NjW3K26ZPZeveW4st4sC249MfyW2w5ZP8
ETH: 0x56b4ED755b7bDD75A954e168EB96f4501F75342d