Cross-Site History Manipulation: XSHM - Whitepaper


What’s inside

In this article, we present the Same Origin Policy (SOP) security issue - identified as Cross-Site History Manipulation. SOP is the most important security concept of modern browsers, and means that web pages from different origins by design cannot communicate with each other. Cross-Site History Manipulation breach is based on our research findings that the client-side browser history object is not properly partitioned on a per-site basis. Manipulating browser history may lead to SOP compromising, allow bidirectional CSRF and other exploitations such as user privacy violation, login status detection, resources mapping, sensitive information inferring, users activity tracking and URL parameter stealing.


Read this Whitepaper to learn

  • The class of attacks based on Cross-Site History Manipulation - XSHM
  • How by manipulating the browser’s history, hackers can compromise SOP and violate user privacy
  • How to protect from XSHM

Share This:

facebook-4 twitter-1 google_plus-1 linkedin