Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: tinyurl.com - Local Clipboard
From: Shaun <shaun () shaunc com>
Date: Thu, 15 Mar 2007 12:30:48 -0500

I took a quick look and it appears that they aren't trying to read the
clipboard, they're trying to write the generated tinyurl to it for the
folks who are too lazy to control-c it out of the page. Annoying to have
your clipboard contents clobbered, but not really a threat.

It didn't do anything in FF2.


On Thu, 15 Mar 2007 10:15:53 -0400
<jay.tomas () infosecguru com> wrote:

Making long URLs usable! More than 29 million of them. Over 700 million hits/month."

Word of warning. When you submit a url to be shortened by tinyurl.com they attempt to steal the contents of your 
local clipboard.

IE7 intercepts this and ask whether you want a site to be able to access your clipboard or not. Not sure how IE6, 
Opera and Firefox behave.

Sent an email to inquire about why they were trying to access. No response as of yet.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]