2

Does anyone know how to fix the Checkmarx vulnerability -- Cross Site History Manipulation for Java-based applications? Here is the description provided by the Checkmarx scan -- "the method may leak server-side conditional values, enabling user tracking from another website. This may constitute a Privacy Violation."

Here is the related code:

// userIsLoggedIn stands for the application's own login check
if (userIsLoggedIn) {
    response.sendRedirect(url);
} else {
    response.sendRedirect(url);
}

Upon googling I found some Checkmarx documentation which suggests adding a random number to the redirect URL. Here is the link to the document: https://www.checkmarx.com/wp-content/uploads/2012/07/XSHM-Cross-site-history-manipulation.pdf

For example:

If ( !isAuthenticated)
  Redirect("Login.aspx?r=" + Random())

I tried this approach but the Checkmarx scan still shows the same vulnerability. Not sure why.

securecodeninja
apandey

2 Answers

1

XSHM could be a CWE-203 (http://cwe.mitre.org/data/definitions/203.html) from CX documentation.

The problem could be complex or simple. With just your 5 lines we cannot say exactly what the good solution is.

SPoint
0

Checkmarx checks whether your redirect URL includes some random value. Here are some random methods checked by Java/Cx/General/Find_Cross_Site_History_Manipulation_Random:

  1. Random.Next
  2. Math.random
  3. Randomizer.*
  4. Random.nextBytes
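
The random-parameter approach from the question, written so the call site is `Random.nextBytes` as listed in this answer; this is an added example, not code from either post or from Checkmarx. The class name `RedirectNonce`, the helper `withNonce` and the sample URLs are assumptions, the parameter name `r` is taken from the quoted Checkmarx snippet, and whether the scanner accepts this exact form has not been verified here.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

// Added example: builds a redirect target carrying a fresh random "r" parameter,
// so every redirect lands on a distinct URL.
public class RedirectNonce {
    // Declared as java.util.Random so the call below reads Random.nextBytes;
    // SecureRandom (a subclass) supplies unpredictable bytes.
    private static final Random RNG = new SecureRandom();

    static String withNonce(String url) {
        byte[] buf = new byte[16];
        RNG.nextBytes(buf);
        String nonce = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);

        // Keep any #fragment at the very end of the URL.
        String fragment = "";
        int hash = url.indexOf('#');
        if (hash >= 0) {
            fragment = url.substring(hash);
            url = url.substring(0, hash);
        }

        // Choose the separator based on whether a query string already exists.
        String sep;
        if (url.indexOf('?') < 0) sep = "?";
        else if (url.endsWith("?") || url.endsWith("&")) sep = "";
        else sep = "&";
        return url + sep + "r=" + nonce + fragment;
    }

    public static void main(String[] args) {
        // Constructed sample URLs (hypothetical paths).
        String[] samples = { "Login.jsp", "home?tab=1", "/app/home?tab=1#top" };
        for (String s : samples) {
            String a = withNonce(s);
            String b = withNonce(s);
            System.out.println(a);
            if (a.equals(b)) throw new IllegalStateException("nonce repeated");
        }
        // In the servlet from the question, both branches would go through the helper:
        //   response.sendRedirect(withNonce(url));
    }
}
```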