groet@feddit.org to Mildly Infuriating@lemmy.world • Redirect to prevent back button
10 days ago
They actually do. To avoid infinite loops. If a URL redirects to the identical URL more than ~5 times, most browsers will refuse to load and show an error instead.
That’s why sites like this will generate new URLs with the same content.
No, why would it? It will run code in the context of the current user, which is absolutely enough to start a new process that will run in the background, download more code from an attacker server and allow remote access. The attacker will only have as many permissions as the user executing the code, but that is enough to steal their files, run keyloggers, steal their sessions for other websites etc.
They can try to escalate to the admin user, but when targeting private victims, all the data that is worth stealing is available to the user and does not require admin privs.