|
Remotely Viewing A User’s Web History With CSS |
|
|
|
Source: The Coffee Desk - Posted by Alex
|
Throughout the years, there have been several JavaScript/CSS/VBScript exploits in various browsers (and by “various”, I mean mostly Internet Explorer) that allow a remote site to view a user’s complete web history.
There is a technique, however, for easily recording a user’s browsing history without relying on a remote code execution exploit, and the only requirement is a fairly W3C CSS-compliant browser. That’s right – even JavaScript-disabled visitors can still have their browsing histories compromised with this technique.
The Disclaimer
This code is provided as an example of a flaw which spans several web browsers, but is not meant to be implemented on an actual functional web site outside of the purpose of demonstration (as we provide below). Production usage of this code is considered a violation of privacy from both the standpoint of the end-user(s) and law enforcement in some regions.
Read this full article at The Coffee Desk
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
