Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: tinyurl.com - Local Clipboard

From: Shaun <shaun () shaunc com>
Date: Thu, 15 Mar 2007 12:30:48 -0500
I took a quick look and it appears that they aren't trying to read the
clipboard, they're trying to write the generated tinyurl to it for the
folks who are too lazy to control-c it out of the page. Annoying to have
your clipboard contents clobbered, but not really a threat.

It didn't do anything in FF2.

-s

On Thu, 15 Mar 2007 10:15:53 -0400
<jay.tomas () infosecguru com> wrote:


"TinyURL.com 
Making long URLs usable! More than 29 million of them. Over 700 million hits/month."

Word of warning. When you submit a url to be shortened by tinyurl.com they attempt to steal the contents of your 
local clipboard.

IE7 intercepts this and ask whether you want a site to be able to access your clipboard or not. Not sure how IE6, 
Opera and Firefox behave.

Sent an email to inquire about why they were trying to access. No response as of yet.

Jay




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: