by krackers 1975 days ago
I think you can just load it in a canvas so long as the image has the appropriate cross-origin header [1]. So the entire attack would look like:

1. On site A, make a request to eviltracker (e.g. load an image); eviltracker returns an image encoding some unique identifier. Maybe the image request contained some cookie data which the server includes as part of the image.

2. On site B, make another request to eviltracker with the same URL. The browser helpfully notices that the image has been cached, and so site B can access the information contained within that information. In such a manner, information has been transferred from site A to B. You could theoretically repeat this process again: make another non-caching request to eviltracker (maybe with some cookie set to the combined A+B info).

[1] https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_enabl...
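
Added example, not part of the comment above: a toy model of the two steps, run once against a cache keyed on URL only (the behaviour the comment relies on) and once against a cache keyed on top-level site plus URL (a partitioned cache). The class names, the `.example` hosts and the string standing in for decoded image pixels are all assumptions made for illustration.

```javascript
// Toy model of a browser HTTP cache (constructed for illustration; not browser code).
// keyFn decides what a cache entry is keyed on.
class HttpCache {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.entries = new Map();
  }
  // Return the cached body, or fetch it from the server and store it.
  load(topLevelSite, url, server) {
    const key = this.keyFn(topLevelSite, url);
    if (!this.entries.has(key)) {
      this.entries.set(key, server.respond(url));
    }
    return this.entries.get(key);
  }
}

// Hypothetical tracker: every request that actually reaches it gets a fresh
// identifier "encoded in the image" (a string stands in for the pixel data).
class TrackerServer {
  constructor() { this.counter = 0; }
  respond(url) {
    this.counter += 1;
    return `id-${this.counter}`;
  }
}

// Load the same tracker URL from two top-level sites and report what each read back.
function visitTwoSites(cache) {
  const server = new TrackerServer();
  const url = "https://eviltracker.example/pixel.png"; // placeholder URL
  const seenOnA = cache.load("https://site-a.example", url, server);
  const seenOnB = cache.load("https://site-b.example", url, server);
  return { seenOnA, seenOnB, linked: seenOnA === seenOnB, serverHits: server.counter };
}

// Keyed on URL only: site B is served site A's cached image.
const sharedCache = () => new HttpCache((site, url) => url);
// Keyed on (top-level site, URL): each site gets its own cache entry.
const partitionedCache = () => new HttpCache((site, url) => `${site} ${url}`);

console.log("shared:     ", visitTwoSites(sharedCache()));
console.log("partitioned:", visitTwoSites(partitionedCache()));
```

With the URL-only key both sites read the same identifier and the tracker is contacted once; with the partitioned key site B's load misses the cache, reaches the tracker, and comes back with a different identifier.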