Welcome to WebmasterWorld Guest from 126.96.36.199
Forum Moderators: open
Info about this is available at (among other places):
There are few sites that run this script for educational purposes – just use your favorite SE ti find them
[edited by: Tastatura at 8:28 am (utc) on Sep. 24, 2006]
Common browser behavior (which fulfills a purpose like it should) ... and now that can be used in an exploitatious manner. Talk about being stuck between a rock and a hard place.
... for example one could check if the visitor was at competitor site, etc.
It would be quite nice if competitors place links on their sites pointing to ours! :)
You can't see WHICH sites have been visited but WHETHER a particular site was visited
I'd clarify this even further. Not a SITE, but a URL. For example, if a visitor visited a:
but you are checking against the (create the link to):
Then you will not get a positive answer, because the visitor might have entered the site through a deeper page, and never visited the homepage.
-phishing attacks : malicious website can figure out which bank you are using ( and try to obtain your credentials using methods which are outside of the scope of this post). One only needs to figure out what is login URL, and check against that. Same/similar goes for webmail services, etc. and most other sites that require authentication.
-Profiling (very simplified case intended as an example only): health insurance company can try to figure out if you visited some sites regarding particular illness, etc.
Those are some of few basic examples – a little bit of imagination can provide more interesting (or disturbing) case scenarios.
I am not trying to make huge deal out of this but before I stumbled onto it I was unaware of it - perhaps good deal of people here were aware so this is not news to them.