web application security lab

Firefox History Stealing Part 2

pdp has some really interesting demo code that steals Firefox history using the about-cache directive in Firefox. This is a different method than we've seen before, and it is quite a bit slower in his demo than Jeremiah's version, but it's equally clever. If you read his post, he describes how this differs from looking at link color, but you get the idea.

He does it by checking the cache for the images on certain sites you've been on. So this may actually be better than the URL checking that Jeremiah built, in that it can see whether you've been on a site where the image was vulnerable before you do the fine-grained URL checking. It can uncover large swaths of a site in a single request, since images are often used on many different pages. Pretty clever, actually. Nice work, pdp!

One Response to “Firefox History Stealing Part 2”

  1. dusoft Says:

    Does not work on Firefox 2.0.0.1 under Linux.
