RobinLinus / socialmedia-leak

A demo of cross-origin login detection for most major web platforms

https://robinlinus.github.io/socialmedia-leak/

Anyone have a way to test this against Yelp?

blakeperdue opened this issue 7 years ago · comments

Blake Perdue commented 7 years ago

Would like to see if Yelp has this weakness or not and notify them.

So far, this doesn't seem to work:

{
    domain: "https://www.yelp.com",
    redirect: "/login?return_url=https://www.yelp.com/favicon.ico?hl=en",
    name: "Yelp"
  }

Vaibhav Vishal commented 6 years ago

They have their fevicon hosted on cdn here: https://s3-media2.fl.yelpcdn.com/assets/srv0/yelp_styleguide/118ff475a341/assets/img/logos/favicon.ico
so no they don't have this weakness

rana-waqas commented 3 years ago

Any other workaround for Yelp?