Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Exploiting XSS: Capturing User Search Queries with JavaScript

General Esm H446
SPI Labs has discovered a practical method of using JavaScript to detect the search queries a user has entered into arbitrary search engines. All the code needed to steal a user's search queries is written in JavaScript and uses Cascading Style Sheets (CSS). This code could be embedded into any website either by the website owner or by a malicious third party through a Cross-site Scripting (XSS) attack. There it would harvest information about every visitor to that site.