Jump to content

Wanted: Personas Hack


Recommended Posts

Today, I had the great idea/hack for web developers involving Personas @ Mozilla Labs

If your not familiar with Personas check it out here: http://labs.mozilla.com/2007/12/personas-for-firefox/

On persona's gallery page (http://www.getpersonas.com/store/recent.html) java script invokes changes based on hovering over page elements. Is it possible to change someone else's persona theme when they visit your website? For example, if someone goes to the hak5 webpage, the hak5 webpage would run a script onload and change the persona theme to something else.

This sort of thing would be used to create a richer web experience. Now its possible that personas will only accept updates from Mozilla, but I am not really sure.

Lemme know what you think


Link to comment
Share on other sites

Commonly known as a XSRF attack. The steamcommunity site was pretty vulnerable to this kind of attack a short time ago but required a bit of social engineering. Having to convince some one to login to steamcommunity site then send them a tiny url that changes there name on steam.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...