Cross-domain leaks of site logins
Scary Beasts Security
AUGUST 30, 2008
It proceeds by abusing a generic browser cross-domain leak of whether an image exists or not -- via the onload vs. onerror javascript events. The tag permits us to load CSS resource from arbitrary domains. In addition, remember that browsers will happily pluck inline style definitions out of HTML.
Let's personalize your content