Checking existence of firewalled URLs via javascript's script.onload - Cyber Security News

Read Time:21 Second

Posted by Georgi Guninski on Apr 21

There is minor information disclosure vulnerability similar
to nmap in browser.

It is possible to check the existence of firewalled URL U via
the following javascript in a browser:

<script src=”U”
onload=”alert(‘Exists’)”
onerror=”alert(‘Does not exist’)”>

This might have privacy implication on potentially
“semi-blind CSRF” (XXX does this makes sense?).

Works for me in…

More Stories

USN-7417-1: libdbd-mysql-perl vulnerabilities

It was discovered that libdbd-mysql-perl did not correctly handle certain SQL queries. An attacker could possibly use this issue to...

USN-7416-1: Kamailio vulnerabilities

Stelios Tsampas discovered that Kamailio did not correctly handle certain memory operations, which could lead to a buffer overflow. A...

podman-tui-1.5.0-1.fc42

FEDORA-2025-8a7d23116e Packages in this update: podman-tui-1.5.0-1.fc42 Update description: release 1.5.0 Read More

podman-tui-1.5.0-1.el10_1

FEDORA-EPEL-2025-6618927fc5 Packages in this update: podman-tui-1.5.0-1.el10_1 Update description: release 1.5.0 Read More

podman-tui-1.5.0-1.fc41

FEDORA-2025-f1d2ae375e Packages in this update: podman-tui-1.5.0-1.fc41 Update description: release 1.5.0 Read More

rust-below-0.9.0-1.el8

FEDORA-EPEL-2025-ae12e02519 Packages in this update: rust-below-0.9.0-1.el8 Update description: A privilege escalation vulnerability existed in the Below service prior to v0.9.0...