[thelist] Interesting new Browser history sniffing trick

Christian Heilmann codepo8 at gmail.com
Tue Aug 22 17:01:29 CDT 2006


> > Now, Jeremiah Grossman found a way around that:
> > http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html
>
> Very nice indeed, but not *quite* finding a way to get the URLs out of
> the browser window (session) history.

Actually, further research (aka asking Stuart Langridge) revealed that
it is not a new vulnerability at all:
http://seclists.org/bugtraq/2002/Feb/0271.html

The difference is that nowadays it'll be more common to add an Ajax
request to store the retrieved data on the server with a script or
something like that.


-- 
Chris Heilmann
Book: http://www.beginningjavascript.com
Blog: http://www.wait-till-i.com
Writing: http://icant.co.uk/


