We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Can I Take Your Subdomain? Exploring Related-Domain Attacks in the Modern Web

Abstract: Related-domain attackers control a sibling domain of their target web application, e.g., as the result of a subdomain takeover. Despite their additional power over traditional web attackers, related-domain attackers received only limited attention by the research community. In this paper we define and quantify for the first time the threats that related-domain attackers pose to web application security. In particular, we first clarify the capabilities that related-domain attackers can acquire through different attack vectors, showing that different instances of the related-domain attacker concept are worth attention. We then study how these capabilities can be abused to compromise web application security by focusing on different angles, including: cookies, CSP, CORS, postMessage and domain relaxation. By building on this framework, we report on a large-scale security measurement on the top 50k domains from the Tranco list that led to the discovery of vulnerabilities in 887 sites, where we quantified the threats posed by related-domain attackers to popular web applications.
Comments: Submitted to USENIX Security '21 on 16 Oct 2020
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2012.01946 [cs.CR]
  (or arXiv:2012.01946v1 [cs.CR] for this version)

Submission history

From: Marco Squarcina [view email]
[v1] Thu, 3 Dec 2020 14:21:38 GMT (304kb,D)

Link back to: arXiv, form interface, contact.