Exploring Same-Site Attacks in the Modern Web
Marco Squarcina1,
Mauro Tempesta1,
Lorenzo Veronese1,
Stefano Calzavara2,
Matteo Maffei1
1 TU Wien, 2 Università Ca’ Foscari Venezia & OWASP
30th USENIX Security Symposium (USENIX Security ‘21), August 11–13, 2021
| Service | Wildcard | Redirect (www) | PSL | Capabilities |
|---|---|---|---|---|
| agilecrm | | | | js https |
| anima | | | | js https |
| campaignmonitor | | | | content |
| cargo | | | | js |
| feedpress | | | | html |
| gemfury | | | | file https |
| github | | | | js file https |
| helpscout | | | | js file https |
| jetbrains | | | | content |
| launchrock | | | | js https |
| ngrok | | | | js file headers https |
| persona | | | | js https |
| pingdom | | | | js |
| readme.io | | | | js https |
| shopify | | | | js https |
| smartjobboard | | | | js https |
| statuspage | | | | js https |
| strikingly | | | | js https |
| surgesh | | | | js https |
| tumblr | | | | js file https |
| uberflip | | | | js https |
| uptimerobot | | | | content |
| uservoice | | | | js https |
| webflow | | | | js https |
| wordpress | | | | js https |
| worksites | | | | js https |
Notation
Helpscout allows hosting only arbitrary active content files (JavaScript, CSS); Gemfury allows hosting only arbitrary passive content files (images, media, …); Launchrock implicitly associates every subdomain with the mapped domain, not only the www subdomain.