[Owasp-codereview] Cross-Site History Manipulation (XSHM)

Alex Roichman Alexr at Checkmarx.com
Tue Jan 26 09:48:42 EST 2010

Checkmarx Research Labs has identified a new critical vulnerability in
Internet Explorer (other browsers are probably exposed the same way) that
would allow hackers to easily compromise web applications. Cross-Site
History Manipulation (XSHM) is a newly discovered zero-day attack: attackers
may have been using it for a long time, but the application and security
communities do not know it.


To help major browsers or application developers stop the proliferation of
this exploit, Checkmarx has published a guide to identify and remediate the
vulnerability. It can be downloaded at


A POC for IE and Facebook users can be seen here:
http://www.checkmarx.com/Demo/XSHM.aspx . In this page, an attacker can
easily detect whether a user is currently authenticated to the Facebook
application. Interested parties will be able to detect XSHM in samples of
their application by using a free download version of the product.



Alex Roichman

Chief Architect and head of Research labs, Checkmarx Ltd. 

Securitylabs at checkmarx.com



