Share it on Facebook. When the user click on the shared link and come back to the Facebook tab, he should see a fake Facebook login page (in French).
This attack use window.open vector. Since all shared link on Facebook use target="_blank", the opener property is shared with the target page (attacker page) and allow this page to control the facebook tab location
To solve that, Facebook should use a redirect page where the property window.opener is set to null:
<head>
JSON Schema (draft-07) for W3C Customer Experience Digital Data Layer (CEDDL) 1.0
Based on Mikael Kohlmyr's JSON Schema of CEDDL
To test data against the schema:
Or
navigator.sendBeacon()
It's not Azure Monitor and Application Insights
No Grafana plugin exist yet
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"> | |
| <title>Webpage resources graph</title> | |
| <script> | |
| function readFileAsText(file){ | |
| const reader = new FileReader(); | |
| reader.readAsText(file); | |
| return new Promise((resolve, reject) => { |
| /* | |
| IFrame Resizer light version | |
| Based on [iframe-resizer](https://github.com/davidjbradshaw/iframe-resizer) | |
| - this version lib to have the base/minimal features | |
| - only use default values | |
| - force resize the iframe when parent window is resized | |
| To avoid memory leaks, only iframes (with a specific classname) that are attached to the document are handled | |
| Window events listeners are shared. | |
| If the iframe is removed from document (detached nodes) subsequent message events are ignored |
Example here : http://cdm16038.contentdm.oclc.org/cdm/compoundobject/collection/p15017coll23/id/1842 (from list : http://cdm16038.contentdm.oclc.org/cdm/landingpage/collection/p15017coll23 Hagley Digital Archives)
Execute on each image page, the following JS:
prompt("copy this metalink file data:",'<file name="'+$.trim($("#metadata_object_title").text())+'">\n<resources>\n<url type="http">'+server_api_url + "?CISOROOT=" + thisCollection + "&CISOPTR=" + thisItemId + "&action=2&DMSCALE=100&DMWIDTH="+thisImageInfo.imageinfo.width +"&DMHEIGHT="+thisImageInfo.imageinfo.height+"&DMX=0&DMY=0&DMTEXT=&DMROTATE=0"+'</url>\n</resources>\n</file>');
Into metalink:
For /var/log/system.log full of errors like these ones:
kernel[0]: Sandbox: com.apple.Addres(XXXXX) deny(1) network-outbound /private/var/run/mDNSResponder
com.apple.AddressBook.InternetAccountsBridge[XXXXX]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
com.apple.AddressBook.InternetAccountsBridge[XXXXX]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
How to fix it?
| #!/bin/sh | |
| # Convert folder (unzipped OpenDocument file) to OpenDocument file (odt, ods, etc.) | |
| usage="usage: $(basename "$0") folder file program to create OpenDocument file (odt, ods, etc.) from folder (unzipped OpenDocument file)" | |
| if [ $# -ne 2 ]; then | |
| echo "$usage" | |
| exit 0 | |
| else |
| <?php | |
| if(isset($_GET['videofile'])){ | |
| // PHP encode transfer automatically if you use flush() and output_buffering is activated (don't need to use special header nor chunk metadata) | |
| // http://php.net/manual/en/outcontrol.configuration.php#ini.output-buffering | |
| header('Transfer-Encoding: chunked'); | |
| header('Content-Encoding: none'); | |
| // No cache | |
| header('Cache-Control: no-cache, no-store, must-revalidate'); |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>DisplayProductID</key> | |
| <integer>1854</integer> | |
| <key>DisplayProductName</key> | |
| <string>OSCAR LCD panel</string> | |
| <key>DisplayVendorID</key> | |
| <integer>1970170734</integer> |