Exploring Same-Site Attacks in the Modern Web
Marco Squarcina¹, Mauro Tempesta¹, Lorenzo Veronese¹, Stefano Calzavara², Matteo Maffei¹
¹ TU Wien, ² Università Ca' Foscari Venezia & OWASP
30th USENIX Security Symposium (USENIX Security ‘21), August 11–13, 2021
| Service | Capabilities |
|---|---|
| agilecrm | js https |
| anima | js https |
| campaignmonitor | content |
| cargo | js |
| feedpress | html |
| gemfury | file https |
| github | js file https |
| helpscout | js file https |
| jetbrains | content |
| launchrock | js https |
| ngrok | js file headers https |
| persona | js https |
| pingdom | js |
| readme.io | js https |
| shopify | js https |
| smartjobboard | js https |
| statuspage | js https |
| strikingly | js https |
| surgesh | js https |
| tumblr | js file https |
| uberflip | js https |
| uptimerobot | content |
| uservoice | js https |
| webflow | js https |
| wordpress | js https |
| worksites | js https |
Notation
Helpscout allows hosting only arbitrary active content files (JavaScript, CSS); Gemfury allows hosting only arbitrary passive content files (images, media, …); Launchrock implicitly associates every subdomain with the mapped domain, not only the www subdomain.