[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Checking existence of firewalled URLs via javascript's script.onload

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Checking existence of firewalled URLs via javascript's script.onload
From: Georgi Guninski <gguninski@xxxxxxxxx>
Date: Wed, 19 Apr 2023 15:49:51 +0300

There is minor information disclosure vulnerability similar
to nmap in browser.

It is possible to check the existence of firewalled URL U via
the following javascript in a browser:

<script src="U"
    onload="alert('Exists')"
    onerror="alert('Does not exist')">

This might have privacy implication on potentially
"semi-blind CSRF" (XXX does this makes sense?).

Works for me in Firefox, Chrome and Chromium 112.

I believe the issue won't be fixed because it will break
stuff in the mess called internet.

For online test:

https://www.guninski.com/onload2.html

-- 
guninski:  https://j.ludost.net/resumegg.pdf
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] Checking existence of firewalled URLs via javascript's script.onload
  - From: Jonathan Gregson via Fulldisclosure

Prev by Date: [FD] Checking existence of firewalled web servers in Firefox via iframe.onload
Next by Date: [FD] Security vulnerabilities in Telit Cinterion IoT (formerly Thales) devices
Previous by thread: [FD] Checking existence of firewalled web servers in Firefox via iframe.onload
Next by thread: Re: [FD] Checking existence of firewalled URLs via javascript's script.onload
Index(es):
- Date
- Thread