Wed 19 Apr 2023 04:02:00 PM EEST

Checking existence of firewalled URLs via javascript’s script.onload

There is a minor information disclosure vulnerability, similar to nmap in a browser.

It is possible to check the existence of a firewalled URL U via the following javascript in a browser:

<script src="U" onload="alert('Exists')" onerror="alert('Does not exist')"></script>

This might have privacy implications on potentially “semi-blind CSRF” (XXX does this make sense?).

Works for me in Firefox, Chrome and Chromium 112.

I believe the issue won’t be fixed because it will break stuff in the mess called the internet.
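A server-side view of the same load/error signal, as an added example that is not part of the original post: a simplified model of how a script element reacts to a response, and of an internal service that answers every cross-site subresource request identically by checking the Fetch Metadata request headers. The path list, function names and the `hardened` switch are assumptions made for illustration.

```javascript
// Added example: a simplified model, not browser code and not the author's code.
// Constructed sample: paths served by a hypothetical internal service.
const INTERNAL_PATHS = new Set(["/admin/app.js", "/status"]);

// Header names are lowercase, as Node's http module delivers them.
function isCrossSiteSubresource(headers) {
  const site = headers["sec-fetch-site"];
  // Assumption: clients that send no Fetch Metadata headers are let through.
  if (site === undefined) return false;
  if (site === "same-origin" || site === "same-site" || site === "none") return false;
  // Cross-site top-level navigations (a followed link) stay allowed.
  const isNavigation = headers["sec-fetch-mode"] === "navigate" &&
                       headers["sec-fetch-dest"] === "document";
  return !isNavigation;
}

// Decide the response for one request; hardened=false is the default behaviour.
function respond(path, headers, hardened) {
  if (hardened && isCrossSiteSubresource(headers)) {
    // Identical answer whether or not the path exists.
    return { status: 403, headers: { "cross-origin-resource-policy": "same-origin" } };
  }
  return { status: INTERNAL_PATHS.has(path) ? 200 : 404, headers: {} };
}

// Model of a cross-origin <script src>: a non-2xx status or a
// Cross-Origin-Resource-Policy block fires "error", anything else "load".
function scriptEvent(response) {
  const ok = response.status >= 200 && response.status <= 299;
  const corpBlocked = response.headers["cross-origin-resource-policy"] === "same-origin";
  return ok && !corpBlocked ? "load" : "error";
}

// Headers a browser attaches to a script load started by another site.
function probe(path, hardened) {
  const probeHeaders = {
    "sec-fetch-site": "cross-site",
    "sec-fetch-mode": "no-cors",
    "sec-fetch-dest": "script",
  };
  return scriptEvent(respond(path, probeHeaders, hardened));
}

// True when an existing and a missing path produce different events.
function leaksExistence(hardened) {
  return probe("/admin/app.js", hardened) !== probe("/no-such-path", hardened);
}
```

This only equalises the load/error outcome for paths on a host that answers; it does not address response timing.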

Online test

– guninski:

Posted by joro