I'm pretty sure the first one would qualify for some sort of bounty, but my experience is most bug bounty programs wouldn't count the second one as valid (requires user interaction).

You send an email with this special URL that will cause it to jump directly to that location on load. You add a PNG with a "Your account has been compromised" or a "fake form" (think Google Docs) or whatever your spam message is to a part of a page. I believe this is commonly called an "Oracle attack".

2. Similar to a blind SQL attack where you gather data/hashes by continuously adding to the SELECT query using a substring function and a sleep (to detect if the substring was found). Start with "a", check scroll position, then "ab", then "abc". I think you could potentially embed an iframe on a page and use the scroll positions combined with this feature to read information on a page. You load too many thumbnails and you get thrown in jail for being trans.

Fair warning that I have not actually attempted these things, but:

1. and they can tell if you have watched this video based on how many thumbnails have loaded. This is a little hard to do, especially with pop-up blockers being built into most browsers so it is hard for a site to open many top-level windows (origin isolation of modern browsers will likely block this in iframes); it is not too extreme of a case. If I do this 64 times (on average) I have learned the whole password.

If I can trick you to load #:~:text=Your password is 5 and observe that you looked up the DNS for cdn.example and loaded secure.png (especially if that resource isn't cachable) I have learned the first character of the password.

As a concrete example imagine that a webpage has something like this past the first page.

If an attacker can trick you to open webpages (maybe they intercept an HTTP site and open a few tabs) they can detect if the page scrolled based on side channels (data transfer) or direct information (did you load a lazy-loaded image from their server?). In an extreme case imagine that someone sends you a password in a messaging app which is available via the web. One workaround might be for to pull the v4.19.0 off the Chrome Store and re-publish v4.18.1 so I could get that version back on my Windows/Brave machines.

IIUC the main risk is that they can check if text appears on a page based on it. Perhaps I could have figured out what was happening there but it was late and I'd had enough messing around. Then I tried SRWare Iron, and it allowed me to install the crx file the usual way, but when I did a forced download of my bookmarks they didn't appear on my Bookmarks bar. Last night I tried Midori - didn't like its lack of features, search engine limitations specifically. Here is a thread about that brave/brave-browser#20296.

You can go to your Extensions page and enable Developer Mode, export your settings from floccus, remove it, download the crx file for the release you want, and drop it on the Developer Mode Extensions page.

But with the Windows version of Brave, it won't let you install a crx extension for any version different than the one currently published on the Chrome Webstore. That was fine until this bug in 4.19.0 showed up. They had a bug that wiped all my bookmarks so I jumped to Brave.