Defeating CSRF Protections Through Expired cross-domain.xml Domains
Tags
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Python - T1059.006 Tool - T1588.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | fd773e7c-b687-42f1-90f1-c3516e9badfd |
| Fingerprint | d69185f228d262c5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 21, 2017, 7 a.m. |
| Added to db | Jan. 18, 2023, 8:37 p.m. |
| Last updated | Nov. 19, 2024, 3:11 a.m. |
| Headline | Defeating CSRF Protections Through Expired cross-domain.xml Domains |
| Title | Defeating CSRF Protections Through Expired cross-domain.xml Domains |
| Detected Hints/Tags/Attributes | 19/1/21 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | valid.com |
|
| Details | Domain | 2 | testing.com |
|
| Details | Domain | 835 | example.com |
|
| Details | Domain | 4135 | github.com |
|
| Details | Domain | 1 | jakereynolds.co |
|
| Details | Domain | 8 | scanner.py |
|
| Details | Domain | 1 | asdaasdasfwkjhcjhbwrgkljsv.com |
|
| Details | Domain | 1 | thisisanexpireddomainaswell.es |
|
| Details | Domain | 1 | jakereynoldsexpireddomain.com |
|
| Details | Domain | 1 | sethsec.blogspot.com |
|
| Details | File | 1 | cross-domain.xml |
|
| Details | File | 23 | crossdomain.xml |
|
| Details | File | 144 | requirements.txt |
|
| Details | File | 8 | scanner.py |
|
| Details | File | 1 | exploiting-misconfigured-crossdomainxml.html |
|
| Details | Github username | 11 | netspi |
|
| Details | Url | 1 | https://github.com/netspi/crossdomainscanner |
|
| Details | Url | 1 | https://jakereynolds.co |
|
| Details | Url | 1 | https://jakereynolds.co/crossdomain.xml |
|
| Details | Url | 1 | https://jakereynoldsexpireddomain.com |
|
| Details | Url | 1 | https://sethsec.blogspot.com/2014/03/exploiting-misconfigured-crossdomainxml.html |