Same Site Scripting

Description

During the scan, Kayran managed to find Same Site Scripting vulnerability.

Unlike XSS vulnerabilities, this is a type of vulnerability that is caused due to common DNS misconfigurations.
It’s not easy to exploit it.
The attacker needs to be on same machine as you are. If they are, they can open a network port over which, they can reroute HTTP traffic to your browser from local machine.

If the desired server is http://www.example.com at 1.1.1.1 the server will sometimes returns 6.6.6.6, which might belong to http://evil.com .

Recommendation

Remove all the non-FQ localhost entries from nameserver configurations for domains that host websites that depends on HTTP state management.

References

https://www.geeksforgeeks.org/same-site-scripting/

https://cwe.mitre.org/data/definitions/16.html

< Return to all Vulnerabilities

HTTP VS. HTTPS

You must have once wondered what HTTP means and what is the difference between that ugly word to HTTPS, and if not, then please read

Read More »

The Dark Web

Let’s talk about the darker and more mysterious side of the internet, also known as The Dark Web. You’ve probably heard about it, whether it’s

Read More »

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Read More »

Active Directory Hacking

What does Active Directory mean? The Active Directory infrastructure is a critical infrastructure in most organizations, and it forms the backbone of the organization’s computing

Read More »