User:TechnoSquirrel69/sandbox
—TS
Cross-site leaks [edit]
Example of a cross-site leak
-
In the absence of a third party, the user's browser sends the web server an HTTP request. The server then sends an ""encrypted"" HTTP response.
-
An attacker identifies a vulnerable URL and phishes the user to their website using an email. The attacker can now send malicious HTTP requests to the web server using the vulnerable URL.
-
The server sends an ""encrypted"" HTTP response that the attacker cannot read. However, observing other factors like the response time or size can lead to side-channel information leakage.
-
In the absence of a third party, the user's browser sends the web server an HTTP request. The server responds with a response depending on the request sent.
-
An attacker identifies a vulnerable URL and phishes the user to their website using an email. When the user goes to the attacker's website, the attacker can make a malicious HTTP requests to the web server using the vulnerable URL.
-
Reading the response to the malicious request sent by the attacker is blocked by the browser. However other factors like the response time or size can be measured by the attacker, leading to information about the user leaking to the attacker.
Test.[1] How bout this and this