
Possible attempt at an exploit?

Started by JernejL, December 16, 2011, 04:43:26 AM


JernejL

A member has embedded this into his private message. I see no reason why anyone would attempt to embed a base64-encoded picture in a private message to an admin. This is the text:


[img]http://forumname.net/data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5Ojf/2wBDAQoKCg0MDRoPDxo3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf/wAARCACLALoDASIAAhEBAxEB/8QAGwAAAgMBAQEAAAAAAAAAAAAABAUCAwYBAAf/xAA7EAACAQMDAgUCAggFBAMAAAABAgMABBESITEFQRMiUWFxBpGBoRQjMkJiwdHhFTNScrEWJFPwkqLS/8QAGQEAAwEBAQAAAAAAAAAAAAAAAAECAwQF/8QAIhEAAgICAgICAwAAAAAAAAAAAAECEQMhEjETQSJRUmFx/9oADAMBAAIRAxEAPwD6PmvYAwQee1eyN/Uce9ZP6j6jJJePaoxWGMjIz+0cd682UqN4R5OjViSNjgOhPoGBrOdb6tJJcm1tZCqLszqf2jWd1kny7Y9KvhBxjms3KzohiSdhkSkjyjHvmiLe4uLVtULlfUcg/hUIPKuCKuULqFCNGkxzZdYhmGi6CxNjn90/0phlWTUrBl9Qc1lWj3P5VKKKSMB1Z1zxpOKtSZjLFfQ4uCdZ074rkMJgmMinZxlhQUd1KhxMNS+oG9NFZZkR42DKRjIq4uzGUHHs7cFhFqAzSk6i7E06xmLSKBuIiMnaqJFd42ItmOTyKXSYEa4Xmjr5NECk/tZOaXTMMLg8CgCps55qiYVc/ANBXUvhsBgnNIZXJ7VQdqsZtQ1DiqzQBxm2wRmuBxtjY5qLbVAnPFAF7S6gQRvVDnHPFeGQdt6Iitml3YYFAA6kBgRzRWo+h+1WrZwmQNKMhdhg0Rpt/QUgPobsEUtIV0AZJPpXzy8nEtzLICfO5YZ9Cdq0f1heeDaJbK3nkbJAP7orHFydqxk9m+JUrDbc5JHrTCBcdqU2pIcfanEIOkVJuFJxVijeq0zVuDzVImyeoKj6+ynBq6OdRFGNsFtvb1oSRfGjaIHDEbUot5r6a6ZTbSxRxnSGbv74FaR2M1T+Fp1HAFc6c+J2RVYROMg+p9hVFhDkAyMXP8Xb8KNtVze+XBKoTjPxT9mc38RjgCMd/igp0O+rg8Zoi4cpDzigjqdctuMd6s5RZ1TBRVU98UpdCpIbFMrwESoDxnNBXS+dgTigEC8jbehZgrZyM0UIyIiqkaveqCp4NIoFI2wBt6VQ5xRci44oeRc0CKijOMioxqScH70ZE8UcZLn8BXYU8R9RXA7Cpci4wbPW1mZSCu2Kb29kFXDLmuWiBeOKOyAKjs6FFJC6WwB1CPZsbZpUVcHBQg1oZHAOe9UHQTk8n2qlKjOWNPoD6vJL1O7e6t11xHAUZ3G1LfDdGw6lT6GqT0nqduPGsbtZlHdWw39D96lD1+e2kEHWLMSRnbIGmQe/ofsPmn4U+mRHI46oOt0wQacW4JQYGaEsJLHqO/TpiXG5hcYcfh3/AAJ/CmNvGU/aGKjxuPZspplqr6jFWV0EY5rhFIZXJtuDuKnbzxgZfAbjjvUHFUMits6hh7006KQ1FxAoBJXPtRvR9E5knB2I0hiOQDz+dZVrRdykkiegzqH51ouhyJ4Zt12ZRnT2x6iqi7Znl60H9Riklgc2w1NwKrhj/wC1RJ8K+nfHGaMwEyeFIoCVwJCQTj3rQ5RTfg/piqRtkb0DOMztq9aY3uf0ldWwpbPKNbrz70hgs+GPlXYUMavJODVJXO57UhlZXVQ7LvirHJVqC6lK6qhiPmzuPWlJ0ioR5Ojh/WS4TgE70ztkAxpG3/NAWcTDG3O5zzmnMEYAFZROj+BVutXspxtUYFAFWkEjaqHYN4Jc5Y7V3w/4KuI2qvUaZPZl7OSWFg8DsjeqnGa
bx3tvdxmHqNqsin96MAH7cH8MUsS0nQfq2/AiprqRgJkKe/Y0RybFLGmiy9+lVeM3XSZhJGDqwWOVx+Y39fvXbL6jnsn/AEbrcbtjYTKv6wf7h+8Pfn3NE2s0ttKssL6WG6kGiLxLLrcfg3iCCfHklTYZ+O3xx8V0RkmjCUGhnDIlzCs0EqSxtw6HINW42rMfT/R+o9J6jcJNJm1HGndZfQkdj+daESnVgfY7moni/EcM3plhGarKipLIGPBrzEVi4tHQpxfRURsRjmu2LtHexAE7OBtzg16SRUUscHHb1pl0jpcrN+lzHw3I8kZG4PqacU7FklSGzTo0YoGQBstnAHej4rdQmCcY5zVEroh0KMj1rU5DO3sxklxq/Z9aXM4d9jn1o+/0fpTBR80sWFY3YjO/vQNHrkBWxG2oVALtvkn2rrZGMetWKVUd80hgskbDdlwD3oKRA0gB3wdqY3JbwyXZIk/1O2BSmbqfTbckveCV/RBkColFyVIuDSdsZW6AY2pnEnFZRPqODV+rjl0+ukfzouL6st0bS8MpGdiMZ/5oWKRfliaqNauC+Ws5B9W9PY4bx4x/HEP5E03s+tdLu/IOo28ZPHiHR+bYrRYpC8qCWG1U4FMJLCcRCSMB0O4dDqU/BGQaD8J/T86l45LtD5xfsXJbEcGr1tDJs4yPcUbbx6hlhRgQadhWSRo2I5+klE122duVzQMeGbGPMDuD2rUsmcUt6hYawZYhiZeP4vY1VV0S9kWvJoIY4pIvFjB2YnSV/Lf8ajE9vdrIbWfUuSpDAjH4j+1G22m5t1ZMZxgqeQRyKoVzFO8AstCMdQlXGD657g1SyPowcVYP0/p3+HRsiCXSx1Eu2oZxjb+1RnmzKcHb3zVt5JojLLlVPvSSS9kQkrKQfvVqdojjQ7tSWcaiNIPb+taDo3VFub64tHbU6Rhg5IOcnBH4bfesknWobLxLW4RXkxlZ0JUEevv7jb5pd0Lrk1h1vx/BSUyDS4Ztt8cEfBrSlWibd7PoXU+qR9LKiVHlec+RF5AHf43oJuoQSNrWPDfINZ6fqqdX6tJcSOsQQARoZCNI/wDcmiUUlSVbUOdiDUUUyF7KEnLPgBtxjehHuYjwx+xqi5lRpn8w9AdNC28JDuZLgyF8eUKAq49KKCw/xojuXwBvuMUk671W5tZ44bWENNKoZcecgfAphLcQ2P62WVRp3G4G9Z3qX1BPcXcs9uqRySY1TaQGbAxx2oUSr0cfpXUrlfH6pcpCx/enfJHwooc2XTLf/N6h4p76cCl8zPKxaWV5GPdmJoWRjxtWii67ItD+OboinDM7Adsn+VNLX/pydcaZh75asbBGZZQgxljWhtrYR4VQM+tTN8TSEXIfJ0boc+BDdhNs+eQjH3FEx/Q7XiarC6WT/bhx/wDU0ugtyg3FXxB45AyZRhwQcGpWVfRXib9kpPpf6l6RIXsPGVu5tpCD+I2zQx6v9YKSpm6hkbbwH/8ANaGD6h6xbBQt68irws2HH571d/1h1L/xwf8AxNbrJF+zN45IZKCBtVsZPPaoBwBvVUlwAduK40dQwUqRuaomdU25pZNfBTsarhluLxjFbRtK/fB4+T2poTZI3ItL1SMaJjpPs3Y/yo+4mhA8zAEjIqMP02JAG6hMzHOdEZ2BHviq7y1CMy42DbHvUtbMW03oXdYnj8JQjA+uBwayXUfHdcW8vhuDnOM5HpxWi6ipTOVGMbUhn2PGSKqGiWBJLcGFUmjHiLnLoww39KIhvoenzrLfoI0lAzMF1EDjO2fShIDNI0q3KhGAyjICVb2r0sSrDqlVvDQ51YOB810LejMLnacN4nS5sxFWHiQMD4qE8Muc+2/pSh3liJKPLHk7YyBV7s8MEFx0/S2jV+sjGWXjGfuRQkl9JJC1tJupYNscEMKIrVMbIPPK2/jSZ/3mpwXWmQeM0hXBz5z6bHn1xQufeoF8ONgaqgDbu+N2kYlt4o3jAXxYlxrH8Qzz70G
ZPWuTTs7M7HcnNUatTgDvz8UCDLa2uL19NumRwWOwFNrX6ayczyZPcdqa9Etlh6ZCpxnBJx80xRQN6555JN0jqx41WwC1+nolHlkC/Cijl6CwGYrkg+4q9ZAGABptb/5fFZ0n2abRn5Om9RiGUkMmP9Lf1qgy3duf10XySK1WCe/2quRVKkMoYe9Lj9MdmdTqETghwV9694qf+UUXe9LgnyY8Rye1LP8AB5/9cf3p3JBSNc847ml1ze4BA2oaa4ZsgGnfRvp5pQJ79WAb9iI5B+T/AEqkjOUqM+17HBOhvIpmi5IUYz+JrR2f1f0SOIIkc9uo/dEQI/I0dN0VmyIXB9VYUE/QmDeezRvcKDT5foybTCI/qqyuWMdkk8rH1TSo/nVEt5I9zEGhOJQ2ZFOyY4H5VH9AuQCIbdgAMaETTn5NVWdneNIYJctKzFivAQfPYVL2LQp61dBJsNFLgH9sKCOfnP5Uhd1lQSRnKsMg19CvPpwSwvouQjsNmaEMR7b0nufpBl3F8p9vC/vVLSJZhpmdZ41KHwnOGcb6fc+1eZdAkiMilHGCFbuDkHHfetc/0HeywB4Lu2OTgIwZf61G6+jurQCBrOyJfA1SCcYVx8ncGtIySJaMXH05oRLLDGWBU4JUrkgjgjnbPevPeyliZkDkpg6gCT9xX3CxsI7HoUPT2VSUj8/oWPJ+5r5Be215aSG3v/BDxFvDW4JDSAHGFzzxmqUrYGcIXAAYkgc+vvUIgvjprI06hnPpmrbp42ldgpQMchQAAvG3x/WhS2DnirAbnp0dxKFtiFbLZUknjcbc0ss4TNM7IP2VyR6eYD+dWteXJGDIw31ZA4NXfT0iDqoimOkTxtFqPGo4K/moHzihiNJ0abXYxHPAxTRGyuaT2gEAKgaUYk6fQ53H3zTJG8m3euOT2d0XaJxnVKAK0NqpMY3/ACrNQ/54J2Ga1FpcRaAAP+KSexsmAmcE1GWMadqmZIwe1T8RCuMCqsKFcq71TpP/AKaaSpGd9qH8JvUUrAZ9F6DHZgS3CiS5x3HlX4/rTpQDjIJ08b14c/2qwKdR2/DGK0ONuyDeUZww+akh1Lk5I+amUJBBQ8dzVVuGDNGQcDj4oEWqc/u10Kqg4XGa6Fxw2B3qWQR7UUBU8ept+1A3C4fc7HmmIwTnzCgp0BYknmgBhaRILaMcnnirpYyQMAHfOP51PpwD20bjuCKvbAx5c771dCALuPxIsg6SOSKz3W7aC7t3F3BHLo4Eig5Faa+kVEGcZPasz15SsDsxcFht6GgDDP8ATfTrgsTA0XoUc/8AFJ7v6QlVi1ncq4zssi4P3Fa+BcZ9Nq7JGeQDimBgJOlToUXqKtbwrlQ6xs6p3zt6kUsSBIpmWSQApgxyLwGByDX1Ix5XPNLb/odhehjJaoJD+8nlY/OKrkFCOC5S4sFvdShZJfDlUneOTGx+CBTC0kydJ57V2w6TY9LE8ZtjPb3CaJ42bLEDgoezDfBqqaGOzucW9wJ4sZSTGCR6EdmGNxXPkW7R0YpegubHCduaMs5dCAEmlqyZq1H3GKzRsOfGDAEVYJfegbbcYPNEadJzVISLZJCdgf7VX4j+tQOeABvUMn/Uaehm/OCoBIJPapAZCjGRxvzXWVcqcDcVWGKk4OMVZxFo2ICr+fFT0jkkZ+a4vmLZ3wKkgpiOOMqPMB710DGRipN2rhO5/CgCLEZK8DFASICxxuM0wZQQxxQhAD4HFIY1tEX9EURkahwAauVpAAGAz3xQnSwNEg7ZzRkewOPWtESC3Saj5wDjjbis39TKPCGl847GtU5OW9jtWZ+pz+p09iMmkOzPJD5NmzmpRplCATgHioQHKnPrir4P8wjtTAHkzjfaoRnGRir5wKpSj0MEvlGNs/ekV8pTDbas5OKfdRH6knvSGbeIk84NZS6Lg6kchfK0RGaAtiaOTtWJ1h9rJhhvR+SzDFKYtmOKZITgfFUiSZBDCuafau/vD4qVMo//2Q=
=[/img]


While decoded it looks like it has sort of a proper JPG header, it doesn't seem to be a valid JPG file (in Google Chrome). What could this be trying to do? VirusTotal found nothing.

I'm running SMF 2.0 RC4 | SMF + SimplePortal 2.3.3.
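The check a moderator would actually want to run on a blob like the one above, as an added example (not code from the SMF project or from anyone in this thread): strip the [img] tag, pull out the data: URI even though something has put a site URL in front of it (as in the quoted post, where the URL starts with http://forumname.net/data:..., which a browser treats as an ordinary relative URL rather than a data: URI), base64-decode the payload, and walk the JPEG marker segments to see whether the bytes form a structurally complete image and whether anything trails the EOI marker. The sample post and the sample JPEG skeleton are constructed for the demo (correct marker layout and lengths, but not a renderable picture); the only bytes taken from the page are the first 32 base64 characters of the quoted blob, which decode to a JPEG SOI followed by a JFIF APP0 segment.

```python
"""Inspect a base64 image embedded in a BBCode [img] tag.

Added example, not code from the SMF project or from the thread. SAMPLE_POST
and SAMPLE_JPEG are constructed for the demo; POSTED_PREFIX is the first 32
base64 characters of the blob quoted in the thread.
"""
import base64
import re
import urllib.parse

MARKER_NAMES = {
    0xC0: "SOF0", 0xC2: "SOF2", 0xC4: "DHT", 0xD8: "SOI", 0xD9: "EOI",
    0xDA: "SOS", 0xDB: "DQT", 0xE0: "APP0", 0xE1: "APP1", 0xFE: "COM",
}

DATA_URI_RE = re.compile(
    r"data:(?P<mime>[\w/+.-]+)(?:;[\w-]+=[^;,]*)*(?P<b64>;base64)?,(?P<payload>.*)", re.S)


def extract_data_uri(bbcode):
    """Pull the data: URI out of an [img]...[/img] tag.

    Returns None if there is no data: URI, otherwise a dict with the MIME type,
    whether the payload is base64, the raw payload and 'prefix': whatever sits
    between the opening tag and 'data:' (a non-empty prefix means the browser
    will not see a data: URI at all, only a relative URL on the forum host).
    """
    m = re.search(r"\[img[^\]]*\](.*?)\[/img\]", bbcode, re.S | re.I)
    body = m.group(1) if m else bbcode
    body = re.sub(r"\s+", "", body)        # undo forum/extraction line wrapping
    idx = body.find("data:")
    if idx < 0:
        return None
    dm = DATA_URI_RE.match(body, idx)
    if dm is None:
        return None
    return {"prefix": body[:idx], "mime": dm.group("mime"),
            "base64": dm.group("b64") is not None, "payload": dm.group("payload")}


def decode_payload(info):
    """Decode the data: URI payload to raw bytes (base64 or percent-encoded)."""
    if info["base64"]:
        raw = info["payload"]
        return base64.b64decode(raw + "=" * (-len(raw) % 4))   # tolerate missing padding
    return urllib.parse.unquote_to_bytes(info["payload"])


def _fail(segments, msg):
    return {"segments": segments, "well_formed": False, "trailing": 0, "error": msg}


def walk_jpeg(data):
    """Walk JPEG marker segments.

    Returns a dict: 'segments' (list of (marker name, declared length)),
    'well_formed' (SOI reached EOI with every length in bounds), 'trailing'
    (bytes after EOI: a real photo has none, an appended archive or script
    shows up here) and 'error' (why the walk stopped, or None).
    """
    segs, n = [], len(data)
    if data[:2] != b"\xff\xd8":
        return _fail(segs, "no SOI marker: not a JPEG")
    segs.append(("SOI", 0))
    pos = 2
    while pos < n:
        if data[pos] != 0xFF:
            return _fail(segs, "expected a marker at offset %d" % pos)
        while pos < n and data[pos] == 0xFF:       # 0xFF fill bytes are allowed
            pos += 1
        if pos >= n:
            return _fail(segs, "truncated marker")
        code = data[pos]
        pos += 1
        name = MARKER_NAMES.get(code, "0x%02X" % code)
        if code == 0xD9:
            segs.append(("EOI", 0))
            return {"segments": segs, "well_formed": True, "trailing": n - pos, "error": None}
        if code == 0x01 or 0xD0 <= code <= 0xD7:   # TEM / RSTn carry no length field
            segs.append((name, 0))
            continue
        if pos + 2 > n:
            return _fail(segs, "truncated length field for %s" % name)
        length = int.from_bytes(data[pos:pos + 2], "big")
        if length < 2 or pos + length > n:
            return _fail(segs, "segment length %d for %s runs past the data" % (length, name))
        segs.append((name, length))
        pos += length
        if code == 0xDA:
            # Entropy-coded scan data follows SOS: skip until a marker that is
            # neither a stuffed 0xFF00 nor an RSTn restart marker.
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
            if pos + 1 >= n:
                return _fail(segs, "scan data runs to end of file without EOI")
    return _fail(segs, "no EOI marker")


def _segment(marker, payload):
    """Marker segment: FF xx, 2-byte big-endian length (including itself), payload."""
    return b"\xff" + bytes([marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed: structurally valid JPEG skeleton (marker layout and lengths are
# right, the scan contains a stuffed 0xFF00); it is not a renderable picture.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xDB, b"\x00" + bytes(64))
    + _segment(0xC0, b"\x08\x00\x08\x00\x08\x01\x01\x11\x00")
    + _segment(0xC4, b"\x00" + bytes(16))
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\xff\x00\x56"
    + b"\xff\xd9"
)

# Constructed post in the shape of the quoted one: a site URL precedes the data: URI.
SAMPLE_POST = ("[img]http://forumname.net/data:image/jpeg;base64,"
               + base64.b64encode(SAMPLE_JPEG).decode() + "[/img]")

# First 32 base64 characters of the blob quoted in the thread.
POSTED_PREFIX = "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBD"


def inspect_post(bbcode):
    """End-to-end: tag -> data: URI -> bytes -> marker walk; None if no data: URI."""
    info = extract_data_uri(bbcode)
    if info is None:
        return None
    report = walk_jpeg(decode_payload(info))
    report.update({"prefix": info["prefix"], "mime": info["mime"], "base64": info["base64"]})
    return report


if __name__ == "__main__":
    r = inspect_post(SAMPLE_POST)
    print("text before data: URI:", repr(r["prefix"]))
    print("segments:", [s[0] for s in r["segments"]])
    print("well formed:", r["well_formed"], "| trailing bytes:", r["trailing"])
    print("quoted blob starts with:", base64.b64decode(POSTED_PREFIX)[:10])
```

On the quoted blob, paste the whole [img]...[/img] text into inspect_post: a non-empty prefix explains why the browser does not render it as an image, a well-formed walk with zero trailing bytes means the bytes are just a picture, and a walk that stops early with an error tells you where the structure breaks.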

ziycon

Welcome to the site! :)

This is a data URI; they will become more common with future browser releases. http://en.wikipedia.org/wiki/Data_URI_scheme

JernejL

I know its purpose and am aware of a past exploit in this in SMF, so I am kind of suspicious when a person puts a broken data URL of a picture into a message. I would appreciate it if someone could verify that this case isn't an issue.
