Same Site Scripting Attack


How to Find and Report Same Site Scripting (SSS)

What is Same Site Scripting?
A mistake that seems harmless is to leave off the trailing dot at the end of the localhost record name in a nameserver configuration. The server then parses the configuration file in such a way that localhost is interpreted as a hostname within the current domain, instead of as a domain in itself. This means that if you run the ping command against localhost.target.com, the query will resolve.

This introduces the vulnerability called Same Site Scripting, which is a variant of Cross-Site Scripting (XSS). Since the dot isn't present at the end of the record name, the record is not fully qualified. Thus, queries of the form "localhost.target.com" are resolved.

I believe you may be referring to "Same-Site Scripting" (not to be confused with Cross-Site Scripting, or XSS). However, it's worth noting that "Same-Site Scripting" is not a widely recognized term in the field of web security. If you can provide more context or clarify your question

How to Find?

STEP #1: Open any site and copy its domain name.


STEP #2: Then open CMD and type this command (e.g. ping localhost.example.com). If a reply comes, the site has the Same Site Scripting vulnerability.


Impact : 
This may cause security issues in multiple user systems. An attack procedure can be found here
      "It's a common and sensible practice to install records of the form "localhost. IN A 127.0.0.1" into nameserver configurations, bizarrely however, administrators often mistakenly drop the trailing dot, introducing an interesting variation of Cross-Site Scripting (XSS) I call Same-Site Scripting. The missing dot indicates that the record is not fully qualified, and thus queries of the form "localhost.example.com" are resolved. While superficially this may appear to be harmless, it does in fact allow an attacker to cheat the RFC2109 (HTTP State Management Mechanism) same origin restrictions, and therefore hijack state management data."

Mitigation :
Non-FQ localhost entries should be removed from nameserver configurations for domains that host websites that rely on HTTP state management.
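
An added example (not from the original post or from the quoted advisory): a small Python check that an administrator can run over a zone file to find the entries the mitigation above refers to. The zone contents, the function name find_in_zone_loopback and the origin example.com. are constructed for illustration; it also flags any other relative name pointing at a loopback address, which goes slightly beyond the localhost case described here.

```python
import ipaddress

# Constructed sample zone data for example.com (not taken from the original page).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@          IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
@          IN NS  ns1.example.com.
www        IN A   192.0.2.10
localhost  IN A   127.0.0.1   ; trailing dot missing: becomes localhost.example.com.
localhost. IN A   127.0.0.1   ; fully qualified: stays outside example.com.
"""

def find_in_zone_loopback(zone_text, origin):
    """Return (line_no, fqdn, address) for A/AAAA records inside the zone that point at loopback."""
    findings, owner = [], None
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].startswith("$"):               # directives: only $ORIGIN matters here
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1]
            continue
        if not line[0].isspace():                   # a leading blank means "same owner as before"
            owner, fields = fields[0], fields[1:]
        # Skip the optional numeric TTL and class fields in front of the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields = fields[1:]
        if owner is None or len(fields) < 2 or fields[0].upper() not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue
        # Names without a trailing dot are relative and get the origin appended.
        fqdn = owner if owner.endswith(".") else origin if owner == "@" else f"{owner}.{origin}"
        in_zone = fqdn.lower() == origin.lower() or fqdn.lower().endswith("." + origin.lower())
        if addr.is_loopback and in_zone:
            findings.append((line_no, fqdn, str(addr)))
    return findings

if __name__ == "__main__":
    for line_no, fqdn, addr in find_in_zone_loopback(SAMPLE_ZONE, "example.com."):
        print(f"line {line_no}: {fqdn} -> {addr} (loopback address published inside the zone)")
```

On the sample zone only the record without the trailing dot is reported; the fully qualified "localhost." entry is left alone.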



How to Report the Vulnerability?
Hello Team,
I'm Career Technology Cyber Security India, a white hat security researcher from Mumbai, India, and I found a vulnerability on your website.

Vulnerability Name: Same Site Scripting

Descriptions  :
I know that this may not be what you are looking for since you mention DNS, but IMHO, same-site scripting (SSS), by interpolation from the definition of XSS (cross-site scripting), is a class of attack whereby a malicious user injects javascript code on the HTML page of a website targeting the same domain.

Vulnerable URL: https://www.example.com/

Steps to Reproduce :
1. Visit the given URL.
2. Open CMD, then type the command, i.e.: ping localhost.example.com
3. You will then get a reply, which comes from DNS.

Impact :
This may cause security issues in multiple user systems. An attack procedure can be found here

PoC
A screenshot has been attached 

Thanks & Regards,
Career Technology Cyber Security India 
Indian Bug Hunter
