oss-sec mailing list archives
Checking existence of firewalled URLs via javascript's script.onload
From: Georgi Guninski <gguninski () gmail com>
Date: Wed, 19 Apr 2023 15:45:36 +0300
There is minor information disclosure vulnerability similar to nmap in browser. It is possible to check the existence of firewalled URL U via the following javascript in a browser: <script src="U" onload="alert('Exists')" onerror="alert('Does not exist')"> This might have privacy implication on potentially "semi-blind CSRF" (XXX does this makes sense?). Works for me in Firefox, Chrome and Chromium 112. I believe the issue won't be fixed because it will break stuff in the mess called internet. For online test: https://www.guninski.com/onload2.html -- guninski: https://j.ludost.net/resumegg.pdf
Current thread:
- Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski (Apr 19)
- Re: Checking existence of firewalled URLs via javascript's script.onload Peter Philip Pettersson (Apr 19)
- Re: Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski (Apr 20)
- Re: Checking existence of firewalled URLs via javascript's script.onload Jeremy Stanley (Apr 20)
- Re: Checking existence of firewalled URLs via javascript's script.onload Georgi Guninski (Apr 20)
- Re: Checking existence of firewalled URLs via javascript's script.onload Peter Philip Pettersson (Apr 19)