Sign in / up

back to article Hackers upload bot code to Imgur in 8Chan attack

A nasty vulnerability in Imgur was used by attackers to hide malicious code in images, commandeer visitors' browsers, and hose the 4Chan and 8Chan image boards. Imgur has fixed the hole preventing the upload of malicious images, and says the compromised pages were served in targeted attacks and not published to the site's main …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Mike 137 Silver badge
    FAIL

    "...to hide malicious code in images..."

    Really? It's often a good idea to read the original report before summarising it.

    Actually, the malicious code is hiddent in image LINKS.

    The very first sentence of the orginal report states this clearly: "Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur."

    Come on Reg - you're not a red top!

    2 0 Reply
  2. Crazy Operations Guy

    "nixed the ability to serve JavaScript."

    Why would you allow users to upload JavaScript in the first place? Its an image sharing site, so why would you allow anything that isn't a simply jpg, png, gif, bmp, etc...

    0 0 Reply
    1. DCLXV
      Reply Icon

      Re: "nixed the ability to serve JavaScript."

      explanation here http://imgur.com/blog/2015/09/22/imgur-vulnerability-patched/

      0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like