开发者

Find out if someone is logged in gmail, yahoo and facebook

I am working on a web application where I have to tell user that he is logged in gmail or yahoo or facebook account. I think this can be done using cookies.

How to find out i开发者_StackOverflow社区t?

what is the cookie name of these accounts, so that I can check their presence


Gmail can be tested by linking to a public image in your own google account. Facebook can be tested by loading your own profile, as a script. Both of these links will succeed if the person is logged into the respective service and fail if they are not. Afraid I don't know specific details for Yahoo but I imagine a similar technique would work.

A good article on this is located here, I believe the techniques both still work:

https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information


This is inherently meant to be IMPOSSIBLE. What you are asking for would be by definition, a cross site scripting attack, everything about a web browser is supposed to stop you from doing this.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜