by viraptor 3622 days ago
This is just a PoC. Now imagine that the author instead:

1. Writes up that post.

2. Inserts an iframe in the post, which enumerates known sites (hidden out of view with CSS tricks).

3. Instead of alerting on screen, sends the results back to their server.

4. Submits to HN.

1 comments

It's also REALLY easy to deliver that malicious site through web ads, especially background pops.