Same Site Scripting

Home » Blog » Same Site Scripting

Description

During the scan, Kayran managed to find Same Site Scripting vulnerability.

Unlike XSS vulnerabilities, this is a type of vulnerability that is caused due to common DNS misconfigurations.
It’s not easy to exploit it.
The attacker needs to be on same machine as you are. If they are, they can open a network port over which, they can reroute HTTP traffic to your browser from local machine.

If the desired server is http://www.example.com at 1.1.1.1 the server will sometimes returns 6.6.6.6, which might belong to http://evil.com .

Recommendation

Remove all the non-FQ localhost entries from nameserver configurations for domains that host websites that depends on HTTP state management.

References

https://www.geeksforgeeks.org/same-site-scripting/

https://cwe.mitre.org/data/definitions/16.html

< Return to all Vulnerabilities

Same Site Scripting

Description

Recommendation

References

Designing our Web Apps – CSS

Spywares – 007’ing Your Devices

The fundamentals of HTML

A security vulnerability our API hates

Models – CIA and AAA

Links

registered user?

Same Site Scripting

Description

Recommendation

References

Designing our Web Apps – CSS

Spywares – 007’ing Your Devices

The fundamentals of HTML

Networking? – Social Engineering

A security vulnerability our API hates

Models – CIA and AAA

Links

registered user?