Same-Site Scripting
Description
Same-Site Scripting is a DNS misconfiguration vulnerability that occurs when administrators create localhost DNS records without a trailing dot (e.g., "localhost IN A 127.0.0.1" instead of "localhost. IN A 127.0.0.1"). Without the trailing dot the name is not fully qualified, so the nameserver appends the zone name to it and DNS queries for "localhost.example.com" resolve to 127.0.0.1. While this may appear harmless, it allows attackers to bypass same-origin policy restrictions that protect HTTP cookies and session data, enabling unauthorized access to user sessions and sensitive information.
Remediation
Remove non-fully qualified localhost entries from your DNS nameserver configurations by following these steps:
1. Audit DNS Records: Review all DNS zone files for your domains and identify any localhost entries without trailing dots.
2. Remove Problematic Records: Delete or comment out any records matching the pattern "localhost IN A 127.0.0.1" (without a trailing dot after localhost).
3. Verify Configuration: Test that "localhost.yourdomain.com" no longer resolves to 127.0.0.1 by running:
   nslookup localhost.yourdomain.com
   dig localhost.yourdomain.com
4. Reload DNS Service: Restart your DNS server to apply the changes and clear any cached records.
5. Monitor: Periodically audit DNS configurations to ensure this misconfiguration is not reintroduced during updates or migrations.
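An added example for the audit in step 1 (not part of the original page or of any DNS vendor's tooling): a Python scan of BIND-style zone-file text that reports loopback records whose owner is a relative "localhost". It goes slightly beyond the page's 127.0.0.1 case by flagging any loopback A or AAAA address; the function name, the sample zone and the example.com origin are constructed, and it assumes numeric TTLs and absolute $ORIGIN values.

```python
import ipaddress

CLASSES = {"IN", "CH", "HS"}
# Constructed sample zone for illustration only.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@   IN SOA ns1.example.com. admin.example.com. (
        2024010101 ; serial
        3600 900 604800 300 )
    IN NS ns1.example.com.
ns1 IN A 192.0.2.53
localhost IN A 127.0.0.1
localhost. IN A 127.0.0.1
;localhost IN A 127.0.0.1
"""

def find_relative_localhost(zone_text, origin):
    """Return (line_no, published_name, address) for loopback records whose
    owner is a relative 'localhost', which expands to localhost.<origin>."""
    findings, owner = [], None
    origin = origin.rstrip(".") + "."
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if not fields:
            continue
        if fields[0].startswith("$"):              # directive line
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1].rstrip(".") + "."   # assumed absolute
            continue
        if not raw[0].isspace():                   # line starts with an owner name
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                          # skip optional TTL and class
        if len(fields) < 2 or fields[0].upper() not in ("A", "AAAA"):
            continue
        if owner is None or owner.lower() != "localhost":
            continue                               # "localhost." (FQDN) is not matched
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue
        if addr.is_loopback:
            findings.append((line_no, f"localhost.{origin}", str(addr)))
    return findings

if __name__ == "__main__":
    for line_no, name, addr in find_relative_localhost(SAMPLE_ZONE, "example.com"):
        print(f"line {line_no}: publishes {name} -> {addr}")
```

Only the record on line 8 of the sample is reported; the fully qualified "localhost." entry and the commented-out entry are ignored.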