I am not a super code-literate person so bare with me on this… But. Still please becareful. There appears to be a vulnerability.

Users are posting images like the following:

https://imgur.com/a/RS4iAeI

And inside hidden is JavaScript code that when executed can take cookie information and send it to a URL address.

Among other things. At this time if you see an image please click the icon circled before clicking the link. DO NOT CLICK THE IMAGE. If you see anything suspicious, please report it immediately. It is better a false report than a missed one.

  • AerOPM
    link
    31 year ago

    I am too dumb to explain it, so here is chatgpt doing it for me:

    Explain code’s functionality.

    ChatGPT The code you provided is a URL that includes an onload event attribute. This attribute is commonly used in HTML to specify a JavaScript code that should be executed when an element, such as an image, finishes loading.

    In this specific case, the onload event is set to the following JavaScript code:

    javascript [Redacted] This code performs the following actions:

    It constructs a URL by concatenating a base URL ([redactedurl].zip/save/) and a string representation of a cookie value. The cookie value is obtained by concatenating the document.cookie property, which contains the cookies associated with the current page, and the id property of an element retrieved using document.getElementById(). The id property is obtained by retrieving an element with the ID represented by the string of character codes (String.fromCharCode(110,97,118,65,100,109,105,110)), which translates to the string “navAdmin”. If no element with the ID “navAdmin” is found, an empty object {id:String.fromCharCode()} is used instead. The resulting URL is then passed as an argument to the fetch() function, which initiates a network request to that URL. In summary, this code appears to be attempting to send a network request to a dynamically constructed URL that includes the value of the document.cookie property and the id property of an element with the ID “navAdmin” if it exists. The purpose and intention of this code cannot be determined without further context. However, it’s worth noting that such code could potentially be used for malicious purposes, such as stealing sensitive information from users.