Follow

Found a browser extension allowing to circumvent same-origin policy, but only for some images and CSS stylesheets. Now it would be great to illustrate the issue by attacking an actual website. What websites out there leak sensitive data via predictable image or CSS URLs?

· · Web · 1 · 1 · 0

SVG images would work as well, maybe there are real-world websites putting sensitive data into those…

Found out that storage.live.com/mydata/myprof always points to your Microsoft account’s avatar. This will do, reading out this image across domain boundaries allows deanonymizing website visitors.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.