[thelist] Using img tags to track users...
Ivan Stuart Cronyn
ivan at citsystems.net
Thu Mar 15 08:03:02 CST 2001
Isn't this the same kind of thing done with the Reaper exploit (see
http://www.geocities.com/researchtriangle/facility/8332/reaper-exploit-relea
se.html)- instead of just adding the emailID and UserID, the exploit uses
document.body.innerText (or the equivalent) to write this into the
querystring.
This allows you to see all the text from all the responses to the message
in the future, too!
Disclaimer: This would be a very naughty thing to do, and I would not
recommend it.
Ivan the Terrible
> Here's another example...If you want to track who opens your HTML email.
>
> Put this tag in your email:
>
> <img src="checkUser.asp?EmailID=1&UserID=1234" width=1 height=1>
>
etc
More information about the thelist
mailing list