Full Disclosure: Re: Stealing Browser History Without Using JavaScript

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Stealing Browser History Without Using JavaScript

From: Matthew Flaschen <matthew.flaschen () gatech edu>
Date: Thu, 01 Mar 2007 03:09:18 -0500

RSnake wrote:

      In case anyone is interested, I was able to port the old CSS
history hacking stuff that Jeremiah Grossman originally found to a
version that does not require JavaScript to fire using images and
conditional logic built into CSS using a:visited and display attributes.
It works in both IE7.0 and Firefox 2.0.0.2.  Details at the link below:

http://ha.ckers.org/blog/20070228/steal-browser-history-without-javascript/


"We all know there are still people out there who think turning off
JavaScript protects them from everything."

Damn it...  Good job.  I guess NoScript isn't good enough anymore...

Matt Flaschen

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Stealing Browser History Without Using JavaScript Matthew Flaschen (Mar 01)
- Re: Stealing Browser History Without Using JavaScript Peter Besenbruch (Mar 01)