今天研究了个图片探针,总体思想很简单,用php设置header中的Content-typeimage就好了。
为了防止目标怀疑,顺便生成一个1x1像素大小的图片就好啦。

然后就能获取到$_SERVER中的一些信息,代码挺简单。直接贴出来吧:

<?php
        header('Content-type: image/jpeg');
        $im = imagecreatetruecolor(1,1);
        imagejpeg($im);
        $f = fopen('res.txt', 'a');
        fwrite($f, date('Y-m-d H:i:s')."\n");
        fwrite($f, $_SERVER['REMOTE_ADDR']."\n");
        fwrite($f, $_SERVER['HTTP_USER_AGENT']."\n");
        fwrite($f, gethostbyaddr($_SERVER['REMOTE_ADDR'])."\n");
        fwrite($f, 'xff '.$_SERVER['HTTP_X_FORWARDED_FOR']."\n");
        fwrite($f, 'referer: '.$_SERVER['HTTP_REFERER']."\n");

        fwrite($f, '=================='."\n");
        echo '<script>alert()</script>';
        fclose($f);