Common DNS Misconfiguration can lead to "same-site" Scripting
Sunday, 20. January 2008, 20:37:53
For anyone interested in web application security, I posted a writeup of an interesting cross site scripting variant to bugtraq over the weekend. The problem is due to dns administrators commonly installing unqualified localhost records.
This might sound harmless at first, but in fact makes it impossible to access affected sites securely via http (assuming they make use of cookies) from multi-user systems. Under certain circumstances it can be exploited even from single-user systems.
The full post is available here.
Damn, and the machine I'm posting this from is indeed multi-user :-)
This might sound harmless at first, but in fact makes it impossible to access affected sites securely via http (assuming they make use of cookies) from multi-user systems. Under certain circumstances it can be exploited even from single-user systems.
The full post is available here.
$ host localhost.opera.com localhost.opera.com has address 127.0.0.1
Damn, and the machine I'm posting this from is indeed multi-user :-)
I guess transparent proxies are now an interesting target.
By anonymous user, # 21. January 2008, 01:27:08
Great - and the non-profit company ARNES who is "in charge" of Slovene domains (.si) disallows domains which don't have a localhost.domain. A record pointing to 127.0.0.1.
(As described in http://www.arnes.si/domene/vpis_dns.html, altho
not many of you will be able to read that I guess).
By anonymous user, # 17. April 2008, 00:39:48
The link above doesn't work because of a comma at the end - but I guess real hackers would notice (I didn't ;)...
http://www.arnes.si/domene/vpis_dns.html
By anonymous user, # 25. July 2008, 16:30:10