firekeeper warns about gif images used

Discussion about forum rules, new moderators, website content, website layout, VideoLAN artwork etc..
Forum rules
Please read the forum's rules carefully before posting. This forum should not be used to post VLC usage related questions.
vddiabolic
New Cone
New Cone
Posts: 2
Joined: 31 Oct 2007 17:32

firekeeper warns about gif images used

Postby vddiabolic » 31 Oct 2007 17:41

Hi there,

when I visited the site the mozilla firekeeper plugin warns about hidden javascript in the gif images of the main site:

=== Triggered rule ===
alert (msg:"smuggling Javascript inside an image"; headers_content:"image"; nocase; headers_re:"/^Content-Type.*image/mi"; body_re:"/<script/i";)

=== Request URL ===
http://download.videolan.org/images/panel-blue/tl.gif

=== Response headers ===
Content-Type: image/gif
Etag: "-4592858438067298178"
Accept-Ranges: bytes
Last-Modified: Mon, 21 Aug 2006 22:19:43 GMT
Content-Length: 1509
Date: Tue, 30 Oct 2007 13:02:43 GMT
Server: lighttpd/1.4.13
Connection: Keep-Alive

=== Response body ===
GIF89a.......................................................................................................!.......,...........`%..d.h..l..p,.tm.x..|....pH,....ri"....dJ.Z...v..z...xL.....z.n....|N...x..B..$........................................#...................."..............."...............
.....................!.;<!-- BEGIN text generated by server. PLEASE REMOVE -->.
<script language='JavaScript' type='text/javascript' src='http://tag2.brinkster.com/adx.js'></script>.
<script language='JavaScript' type='text/javascript'>.
<!--.
if (!document.phpAds_used) document.phpAds_used = ',';.
phpAds_random = new String (Math.random()); phpAds_random = phpAds_random.substring(2,11);.
.
document.write ("<" + "script language='JavaScript' type='text/javascript' src='");.
document.write ("http://tag2.brinkster.com/adjs.php?n=" + phpAds_random);.
document.write ("&what=zone:1&block=1&blockcampaign=1");.
document.write ("&exclude=" + document.phpAds_used);.
if (document.referrer).
document.write ("&referer=" + escape(document.referrer));.
document.write ("'><" + "/script>");.
//-->.
</script>.
<noscript><br><br><div id="Brinkster183" style="font-family:Verdana, Arial, Helvetica, sans-serif; color:#666666; font-size:9px">Web Hosting Provided by <a href="http://www.brinkster.com/rd2.aspx?r=116 ... 7605638336" style="color:#000000" target="_blank">Brinkster</a>.</div></noscript>.
<!-- END text generated by server. PLEASE REMOVE -->.
.

Did anyone else recognize this? Is this put in by the web hoster and can be ignored?

Cheers,
vddiabolic

Jean-Baptiste Kempf
Site Administrator
Site Administrator
Posts: 37523
Joined: 22 Jul 2005 15:29
VLC version: 4.0.0-git
Operating System: Linux, Windows, Mac
Location: Cone, France
Contact:

Re: firekeeper warns about gif images used

Postby Jean-Baptiste Kempf » 31 Oct 2007 19:49

Euh...
Jean-Baptiste Kempf
http://www.jbkempf.com/ - http://www.jbkempf.com/blog/category/Videolan
VLC media player developer, VideoLAN President and Sites administrator
If you want an answer to your question, just be specific and precise. Don't use Private Messages.

CloudStalker
Big Cone-huna
Big Cone-huna
Posts: 2581
Joined: 14 Jan 2007 19:00
VLC version: OVER 9000!!!
Operating System: It's...blue screen
Location: Heaven? No no. What's that other place that starts with an "H"? Oh yes: Home. ^_^

Re: firekeeper warns about gif images used

Postby CloudStalker » 01 Nov 2007 18:46

I haven't noticed this myself. Maybe you could try the Firefox plugin:NoScript.

vddiabolic
New Cone
New Cone
Posts: 2
Joined: 31 Oct 2007 17:32

Re: firekeeper warns about gif images used

Postby vddiabolic » 05 Nov 2007 11:06

Hi,

I have noscript installed as well, it does not warn about it. However, could someone please do me a favor and download http://download.videolan.org/images/panel-blue/tl.gif to the desktop and browse it with a text editor?
I got this (I tried with IE this time to make sure there is no firefox plugin causing this):

GIF89aÄÛçþýþÿéïúßéýó÷ÿâëüøúÿàëÿîôÿìóÿäìûåìûñöÿÞéÿÜçþÛèÿàêüêñÿæíûãìÿëðúÿÿÿ!ù,Ä`%Žãdžhª®lë¾p,Ïtmßx®ï|ïÿÀ pH,È¤ri"Ž‚dJ­Z¯Ø¬vËíz¿à°xL.›Ïè´zÍn»ßð¸|N¯ÛïxÉBš$‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦„#§­®¯°±²³´µ¶·¸¹º»™"¼ÁÂÃÄÅÆÇÈÉÊ˶"¬ÌÑÒÓÔÕÖ×ØÙÆ
Úßàáâãäåæ·çëìíîïðñÊ!;<!-- BEGIN text generated by server. PLEASE REMOVE -->
<script language='JavaScript' type='text/javascript' src='http://tag2.brinkster.com/adx.js'></script>
<script language='JavaScript' type='text/javascript'>
<!--
if (!document.phpAds_used) document.phpAds_used = ',';
phpAds_random = new String (Math.random()); phpAds_random = phpAds_random.substring(2,11);

document.write ("<" + "script language='JavaScript' type='text/javascript' src='");
document.write ("http://tag2.brinkster.com/adjs.php?n=" + phpAds_random);
document.write ("&what=zone:1&block=1&blockcampaign=1");
document.write ("&exclude=" + document.phpAds_used);
if (document.referrer)
document.write ("&referer=" + escape(document.referrer));
document.write ("'><" + "/script>");
//-->
</script>
<noscript><br><br><div id="Brinkster183" style="font-family:Verdana, Arial, Helvetica, sans-serif; color:#666666; font-size:9px">Web Hosting Provided by <a href="http://www.brinkster.com/rd2.aspx?r=116 ... 7605638336" style="color:#000000" target="_blank">Brinkster</a>.</div></noscript>
<!-- END text generated by server. PLEASE REMOVE -->

Perhaps my computer itself is the problem?

Cheers,
vddiabolic

joseph5
Cone that earned his stripes
Cone that earned his stripes
Posts: 177
Joined: 29 Nov 2003 19:12

Re: firekeeper warns about gif images used

Postby joseph5 » 05 Nov 2007 22:21

Hi,

I have noscript installed as well, it does not warn about it. However, could someone please do me a favor and download http://download.videolan.org/images/panel-blue/tl.gif to the desktop and browse it with a text editor?
I got this (I tried with IE this time to make sure there is no firefox plugin causing this):
Me too. :?

Arite
Big Cone-huna
Big Cone-huna
Posts: 2478
Joined: 26 Jun 2007 20:40
VLC version: 3.0.20
Operating System: Debian Testing|Win10

Re: firekeeper warns about gif images used

Postby Arite » 06 Nov 2007 00:06

Interesting, yes it does have some javascript in it after the GIF file data. I quickly resaved it in GIMP (with no comments), and the file is identical up to:

Code: Select all

<!-- BEGIN text generated by server. PLEASE REMOVE --> <script language='JavaScript' type='text/javascript' src='http://tag2.brinkster.com/adx.js'></script> <script language='JavaScript' type='text/javascript'> <!-- if (!document.phpAds_used) document.phpAds_used = ','; phpAds_random = new String (Math.random()); phpAds_random = phpAds_random.substring(2,11); document.write ("<" + "script language='JavaScript' type='text/javascript' src='"); document.write ("http://tag2.brinkster.com/adjs.php?n=" + phpAds_random); document.write ("&what=zone:1&block=1&blockcampaign=1"); document.write ("&exclude=" + document.phpAds_used); if (document.referrer) document.write ("&referer=" + escape(document.referrer)); document.write ("'><" + "/script>"); //-->
Where the file ends. Not sure why there is javascript there? I created an animation (two frame loop) and it was also the same, except rather than the javascript at the end, there was the details for the animation section.

Presumably it was an automatically generated *.gif, and it added the javascript at the end of the file aferwards for some reason.

Arite.
Don't use PMs for support questions.


Return to “Forum, Website and Artwork discussion”

Who is online

Users browsing this forum: No registered users and 4 guests