subject:"\[FD\] Checking existence of firewalled URLs via javascript's script.onload"

Re: [FD] Checking existence of firewalled URLs via javascript's script.onload

2023-04-28 Thread Jonathan Gregson via Fulldisclosure

, Jonathan -Original Message- From: Fulldisclosure On Behalf Of Georgi Guninski Sent: Wednesday, April 19, 2023 05:50 To: fulldisclosure@seclists.org Subject: [FD] Checking existence of firewalled URLs via javascript's script.onload There is minor information disclosure vulnerabil

[FD] Checking existence of firewalled URLs via javascript's script.onload

2023-04-21 Thread Georgi Guninski

There is minor information disclosure vulnerability similar to nmap in browser. It is possible to check the existence of firewalled URL U via the following javascript in a browser: