Same site scripting
Description
Same-Site Scripting is a DNS misconfiguration vulnerability that occurs when administrators create localhost DNS records without a trailing dot (e.g., "localhost IN A 127.0.0.1" instead of "localhost. IN A 127.0.0.1"). Without the trailing dot the name is not fully qualified, so the zone name is appended to it and DNS queries for "localhost.example.com" resolve to 127.0.0.1. While this may appear harmless, it allows attackers to bypass same-origin policy restrictions that protect HTTP cookies and session data, enabling unauthorized access to user sessions and sensitive information.
Remediation
Remove non-fully qualified localhost entries from your DNS nameserver configurations by following these steps:<br/><br/>1. <strong>Audit DNS Records:</strong> Review all DNS zone files for your domains and identify any localhost entries without trailing dots.<br/><br/>2. <strong>Remove Problematic Records:</strong> Delete or comment out any records matching the pattern "localhost IN A 127.0.0.1" (without a trailing dot after localhost).<br/><br/>3. <strong>Verify Configuration:</strong> Test that "localhost.yourdomain.com" no longer resolves to 127.0.0.1 by running:<br/><pre>nslookup localhost.yourdomain.com
dig localhost.yourdomain.com</pre><br/>4. <strong>Reload DNS Service:</strong> Restart your DNS server to apply the changes and clear any cached records.<br/><br/>5. <strong>Monitor:</strong> Periodically audit DNS configurations to ensure this misconfiguration is not reintroduced during updates or migrations.
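The audit in steps 1 and 5 can be scripted. The following is an added example, not part of the original advisory: a zone-file check that flags relative "localhost" records pointing at a loopback address. It generalizes the 127.0.0.1 case on this page to AAAA records for ::1; the function name, the sample zone and example.com are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample zone text (not from the page); example.com is a placeholder.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@          IN SOA ns1 hostmaster 1 7200 900 1209600 3600
           IN NS  ns1
ns1        IN A   192.0.2.53
localhost  IN A   127.0.0.1   ; relative: expands to localhost.example.com.
localhost. IN A   127.0.0.1   ; fully qualified: stays localhost.
LocalHost  300 A  127.0.0.1   ; same problem with mixed case, TTL, no class
$ORIGIN dev.example.com.
localhost  IN AAAA ::1
www        IN A   192.0.2.10
"""

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"\d+(?:[smhdw]\d+)*[smhdw]?", re.I)

def find_relative_localhost(zone_text, origin):
    """Return (line_no, expanded_name, address) for relative 'localhost' loopback records."""
    findings, owner = [], None
    origin = origin.lower().rstrip(".") + "."
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            new = fields[1].lower()               # a relative $ORIGIN extends the current one
            origin = new if new.endswith(".") else f"{new}.{origin}"
            continue
        if fields[0].startswith("$"):
            continue                              # $TTL, $INCLUDE, ...
        if not line[0].isspace():                 # leading blank = owner inherited from above
            owner, fields = fields[0].lower(), fields[1:]
        rest = [f for f in fields if not TTL.fullmatch(f) and f.upper() not in CLASSES]
        if owner != "localhost" or len(rest) < 2 or rest[0].upper() not in ("A", "AAAA"):
            continue                              # "localhost." (with dot) is not flagged
        try:
            addr = ipaddress.ip_address(rest[1])
        except ValueError:
            continue
        if addr.is_loopback:
            findings.append((no, f"localhost.{origin}", str(addr)))
    return findings

if __name__ == "__main__":
    for no, name, addr in find_relative_localhost(SAMPLE_ZONE, "example.com"):
        print(f"line {no}: {name} -> {addr}")
```

The check reads one file at a time: it does not follow $INCLUDE directives or parse records split across lines with parentheses, so included files need to be scanned separately.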