Steal Yahoo Crumb By Combining Missing-Iframe and Noscript Tag
Few months ago, while testing some html, I was noticed by a straight behaviour in Firefox. If you disable javascript and open a website, the content inside <noscript> tag does not render as html. Yahoo use crumb as a token to validated that the request is valid and trusted. You can fetch personal data with […]