Create an Account
username: password:
 
  MemeStreams Logo

Stealing Search Engine Queries with JavaScript
search
Home Agent Weblogs Social Network Post Help About

Acidus
Picture of Acidus
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Acidus's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Stealing Search Engine Queries with JavaScript
Topic: Technology 7:28 pm EDT, Sep 29, 2006

Short and sweet: I can find out what you have been searching Google for from JavaScript. I can put this JavaScript on any site either because I own it (How much do you trust memestreamas.net?) or because I have a XSS vuln that lets me inject JavaScript in the site.

Think the AOL leakage... only for everyone on the internet.

Some fun use cases:

-HMO’s website could check if a visitor has been searching other sites about cancer, cancer treatments, or drug rehab centers.

-Advertising networks could gather information about which topics someone is interested based on their search history and use that to enchance their customer databases.

-Government websites could see if a visitor has been searching for bomb-making instructions.

Whitepaper: http://www.spidynamics.com/assets/documents/JS_SearchQueryTheft.pdf
Proof of concept: http://www.spidynamics.com/spilabs/js-search/index.html

My name is Billy, and I want to destroy the Intarweb with JavaScript.

Stealing Search Engine Queries with JavaScript

Thread [4]


  
 
Powered By Industrial Memetics		RSS2.0