Previous Research

- HTTP cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer or some other device by the user’s web browser.

Same-origin policy

For example, take a page at the URL http://www.example.com/dir/page.html,
where the protocol is http,
the host is www.example.com,
and the port is not specified (so the default, 80, is used).


- http://www.example.com/dir2/other.html: (same origin)
- http://example.com/dir/other.html: (different host)
- http://v2.www.example.com/dir/other.html: (different host)
- http://www.example.com:81/dir/other.html: (different port)
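
The comparison above can be reproduced in code. This is an added example, not part of the original notes; the function names `originTuple` and `compareOrigin` are hypothetical, and the last two sample URLs (explicit port 80, https) are constructed to go slightly beyond the four cases listed.

```javascript
// Added example: classify URLs against a base URL by comparing the
// (protocol, host, port) tuple that the same-origin policy uses.
// Only http and https default ports are handled here.
const DEFAULT_PORTS = { "http:": 80, "https:": 443 };

const BASE_URL = "http://www.example.com/dir/page.html";

function originTuple(url) {
  const u = new URL(url);
  // URL.port is "" when the port is omitted or equals the scheme default,
  // so fill in the default to make the comparison explicit.
  const port = u.port === "" ? DEFAULT_PORTS[u.protocol] : Number(u.port);
  // The path (/dir/page.html) is deliberately ignored: it is not part of the origin.
  return { protocol: u.protocol, host: u.hostname, port };
}

function compareOrigin(baseUrl, otherUrl) {
  const a = originTuple(baseUrl);
  const b = originTuple(otherUrl);
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push("protocol");
  if (a.host !== b.host) diffs.push("host"); // exact match: subdomains differ
  if (a.port !== b.port) diffs.push("port");
  return diffs.length === 0 ? "same origin" : "different " + diffs.join(" and ");
}

// The four URLs from the list above, plus two constructed cases.
const SAMPLES = [
  "http://www.example.com/dir2/other.html",
  "http://example.com/dir/other.html",
  "http://v2.www.example.com/dir/other.html",
  "http://www.example.com:81/dir/other.html",
  "http://www.example.com:80/dir/other.html",  // constructed: explicit default port
  "https://www.example.com/dir/other.html",    // constructed: scheme change
];

for (const url of SAMPLES) {
  console.log(`${url} -> ${compareOrigin(BASE_URL, url)}`);
}
```

Changing only the scheme to https also changes the effective port (443 instead of 80), which is why that case reports two differing components.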

Cross-site leaks

  1. Cross-Site Leaks (XS-Leaks) are vulnerabilities to side-channel attacks on web browsers.

  2. This type of side-channel attack on a web browser bypasses security mechanisms such as the same-origin policy.

  3. Cross-Site Leaks describe a client-side bug that allows an attacker to collect side-channel information from a cross-origin HTTP resource.

Error messages

The execution context of a web application is defined through the concept of web origins.
Web applications may call and embed other web applications to enhance functionality.

Using CORS (Cross-Origin Resource Sharing), an attacker can send a CORS-enabled request to a target website that redirects based on the user's state.

When the browser denies the request, the full URL of the redirect target is leaked in the error message.

With this attack, it is possible to detect redirects and to leak redirect locations and sensitive query parameters.