Hacking HTTP Status Codes

Technical details here: <a href="https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information" rel="nofollow">https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Pri...</a><p>The trick is to identify GET requests that will succeed only if the victim is logged into $SITE_OF_INTEREST, and bury them in an<p><pre><code> &#60;img src="https://SITE_OF_INTEREST/more/stuff/here" onload="is_logged_in()" onerror="not_logged_in()" ...&#62; </code></pre> If $SITE_OF_INTEREST doesn't have decent CSRF protection, this is an easy way for a rogue website to not only make a request, but observe the result.

Original lengthy discussion <a href="http://news.ycombinator.com/item?id=2139107" rel="nofollow">http://news.ycombinator.com/item?id=2139107</a>