samyk / evercookie

Produces persistent, respawning "super" cookies in a browser, abusing over a dozen techniques. Its goal is to identify users after they've removed standard cookies and other privacy data such as Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.
https://samy.pl/evercookie/

Fix for Cross-Site Scripting issue #88

Closed ZoczuS closed 9 years ago

ZoczuS commented 9 years ago

There was a stored Cross-Site Scripting issue in evercookie.swf. An attacker, in both versions (the getURL() and ExternalInterface.call() ones), was able to control the everdata stored in the SharedObject, and then execute code on a webpage that embeds evercookie.swf.

Proofs of concept will be released soon.

ZoczuS commented 9 years ago

Writeup + PoC: http://zoczus.blogspot.com/2015/02/evercookieswf-stored-cross-site.html