Exploiting DNSbased Trust Relationships On The Web
Page 1 of 1
Exploiting DNSbased Trust Relationships On The Web
As Software-as-a-Service becomes an increasingly popular business model, network administrators and application maintainers are left trying to integrate thirdparty sites with their own. A common convention for doing so is to configure DNS servers, creating A or CNAME records pointing to the thirdparty site's server. While this may ease the integration process, many of the clientside web technologies we use make trust decisions based on these DNS records, and records pointed at poorly configured systems can be used to leak data and compromise even the strongest of web applications.These vulnerabilities are remarkably common, and many have not been formally addressed. This paper will include demonstrations of attacks on highprofile websites, as well as a discussion on mitigation methods.
Download [urlhttp://skeptikal.org/repository/one_in_every_family.pdf]PDF[/url]
Check also: Cross-subdomain Cookie Attacks
Download [urlhttp://skeptikal.org/repository/one_in_every_family.pdf]PDF[/url]
Check also: Cross-subdomain Cookie Attacks
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Don't trust on PayPal.
» Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
» Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
» Exploiting a cross-site scripting vulnerability on Facebook
» High-Quality Content Helps Build Trust
» Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
» Exploiting IE8 UTF-7 XSS Vulnerability using Local Redirection
» Exploiting a cross-site scripting vulnerability on Facebook
» High-Quality Content Helps Build Trust
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum