Same Site Scripting Paper Released
An email sent to bugtraq by Travis Ormandy outlines a new attack dubbed same site scripting.
"It's a common and sensible practice to install records of the form "localhost. IN A 127.0.0.1" into nameserver configurations, bizarrely however, administrators often mistakenly drop the trailing dot, introducing an interesting variation of Cross-Site Scripting (XSS) I call Same-Site Scripting. The missing dot indicates that the record is not fully qualified, and thus queries of the form "localhost.example.com" are resolved. While superficially this may appear to be harmless, it does in fact allow an attacker to cheat the RFC2109 (HTTP State Management Mechanism) same origin restrictions, and therefore hijack state management data.
The result of this minor misconfiguration is that it is impossible to access sites in affected domains securely from multi-user systems. " - Travis
Article Link: http://seclists.org/bugtraq/2008/Jan/0270.html
Comments
You can follow this conversation by subscribing to the comment feed for this post.
All Comments are Moderated and will be delayed!
Post a comment