Research Lab

Start A FREE Trial
« Back to Resources
XSHM Cross site history manipulation Thumbnail

Cross-Site History Manipulation: XSHM

In this White Paper we present a newly discovered SOP [8] (Same Origin Policy) security breach identified as Cross-Site History Manipulation (XSHM). SOP is the most important security concept of modern browsers. SOP means that web pages from different origins by design cannot communicate with each other. Cross-Site History Manipulation breach is based on our research findings that the client-side browser history object is not properly partitioned on a per-site basis. Manipulating browser history may lead to SOP compromising, allow bidirectional CSRF and other exploitations such as: user privacy violation, login status detection, resources mapping, sensitive information inferring, users‟ activity tracking and URL parameter stealing.

 


Download