Common DNS Misconfiguration can lead to "same-site" Scripting
Sunday, 20. January 2008, 20:37:53
For anyone interested in web application security, I posted a writeup of an interesting cross site scripting variant to bugtraq over the weekend. The problem is due to dns administrators commonly installing unqualified localhost records.
This might sound harmless at first, but in fact makes it impossible to access affected sites securely via http (assuming they make use of cookies) from multi-user systems. Under certain circumstances it can be exploited even from single-user systems.
The full post is available here.
Damn, and the machine I'm posting this from is indeed multi-user :-)
This might sound harmless at first, but in fact makes it impossible to access affected sites securely via http (assuming they make use of cookies) from multi-user systems. Under certain circumstances it can be exploited even from single-user systems.
The full post is available here.
$ host localhost.opera.com localhost.opera.com has address 127.0.0.1
Damn, and the machine I'm posting this from is indeed multi-user :-)
WIDGETIZE