Find out if someone is logged in gmail, yahoo and facebook
I am working on a web application where I have to tell user that he is logged in gmail
or yahoo
or facebook
account. I think this can be done using cookies
.
Gmail can be tested by linking to a public image in your own google account. Facebook can be tested by loading your own profile, as a script. Both of these links will succeed if the person is logged into the respective service and fail if they are not. Afraid I don't know specific details for Yahoo but I imagine a similar technique would work.
A good article on this is located here, I believe the techniques both still work:
https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information
This is inherently meant to be IMPOSSIBLE. What you are asking for would be by definition, a cross site scripting attack, everything about a web browser is supposed to stop you from doing this.
精彩评论