Security Test: XSS via Domain Takeover¶
Description¶
XSS via Domain Takeover occurs when an attacker exploits a domain takeover vulnerability—caused by misconfigurations, expired services, or DNS vulnerabilities—to inject and execute malicious scripts on a target application. By controlling the domain, the attacker can host malicious content, impersonate the domain, and steal sensitive information from users through techniques like session hijacking, credential theft, or phishing. This attack requires zero user interaction, as the compromised domain automatically serves the malicious scripts to users who visit it, significantly increasing its impact and severity.
Remediation¶
- Remove or update DNS records that point to unused or expired domains.
- Implement strict access controls and regularly audit domain ownership.
- Use domain registrar features like domain locking to prevent unauthorized changes.
- Regularly monitor and renew domain registrations to prevent expiration.
- Implement security measures such as DNSSEC to protect DNS records.
- Conduct regular security assessments to identify potential domain vulnerabilities.
- Educate staff on the importance of domain security and best practices.
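As an added example, not part of the original page, the following Python check ties the first remediation item (dangling DNS records) to the CSP advice repeated below: it parses the script-src directive of a CSP header and follows each host's CNAME chain, flagging any chain that ends in NXDOMAIN as a takeover candidate. The DNS snapshot, host names and the `lookup` stand-in resolver are constructed for the example.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

Record = Optional[Tuple[str, str]]  # ("CNAME", target) | ("A", address) | None for NXDOMAIN
# Constructed DNS snapshot for the example; every name here is hypothetical.
CONSTRUCTED_DNS: Dict[str, Record] = {
    "cdn.example.com": ("CNAME", "assets.unclaimed-bucket.example.net"),
    "assets.unclaimed-bucket.example.net": None,  # NXDOMAIN: the classic dangling target
    "static.example.com": ("CNAME", "edge.provider.example.org"),
    "edge.provider.example.org": ("A", "203.0.113.10"),
}

def lookup(name: str) -> Record:  # stand-in resolver; a real audit would query DNS here
    return CONSTRUCTED_DNS.get(name.lower())

def script_src_hosts(csp: str) -> List[str]:
    """Extract host-source entries from the script-src directive of a CSP header."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if not parts or parts[0].lower() != "script-src":
            continue
        hosts = []
        for src in parts[1:]:
            # Skip keywords ('self', 'nonce-...'), the bare wildcard and scheme-sources (https:, data:)
            if src.startswith("'") or src == "*" or src.endswith(":"):
                continue
            host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", src, flags=re.I)
            hosts.append(host.split("/")[0].split(":")[0].lower())
        return hosts
    return []

def is_dangling(host: str, resolve: Callable[[str], Record] = lookup, max_hops: int = 8) -> bool:
    """Follow the CNAME chain; a chain that ends in NXDOMAIN is a takeover candidate."""
    name = host
    for _ in range(max_hops):
        record = resolve(name)
        if record is None:
            return True
        kind, value = record
        if kind != "CNAME":
            return False
        name = value
    return False  # loop or over-long chain: not proven dangling, inspect manually

def audit_csp(csp: str, resolve: Callable[[str], Record] = lookup) -> Dict[str, str]:
    """Classify each script-src host as 'dangling', 'ok', or 'wildcard' (not resolvable as-is)."""
    return {h: "wildcard" if h.startswith("*.") else ("dangling" if is_dangling(h, resolve) else "ok")
            for h in script_src_hosts(csp)}
```

Run the audit against the live CSP of each deployed app and treat every "dangling" entry as a record to remove or re-point before someone else claims the target.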
Frontend Specific¶
React
Implement Content Security Policy (CSP) to restrict script sources and regularly audit DNS configurations to prevent domain takeover vulnerabilities in React applications.
Angular
Implement strict Content Security Policy (CSP) and sanitize user inputs to prevent XSS in Angular applications.
Vue
Implement Content Security Policy (CSP) to restrict the sources of scripts and other resources, and regularly audit and update DNS configurations to prevent domain takeover vulnerabilities in Vue applications.
Svelte
Implement CSP (Content Security Policy) to restrict script sources and regularly audit DNS configurations to prevent domain takeovers in Svelte applications.
Ember
Ensure proper domain ownership and configuration to prevent domain takeovers, and implement Content Security Policy (CSP) in Ember applications to mitigate XSS risks.
Backbone
Regularly audit and update DNS records to prevent domain takeover vulnerabilities.
Preact
Ensure proper domain ownership and DNS configuration to prevent domain takeovers, and implement Content Security Policy (CSP) to mitigate XSS risks in Preact applications.
Gatsby
Regularly audit and update DNS records and third-party service configurations to prevent domain takeover vulnerabilities in Gatsby applications.
Blazor
Implement Content Security Policy (CSP) to restrict the sources of executable scripts and ensure proper domain validation to prevent unauthorized domain takeovers in Blazor applications.
Marko
Ensure proper domain ownership and regularly audit DNS settings to prevent domain takeover vulnerabilities in Marko applications.
Mithril
Ensure proper domain ownership and DNS configuration to prevent domain takeovers in Mithril applications.
Configuration¶
Identifier:
configuration/xss_via_domain_takeover
Examples¶
Ignore this check¶
Score¶
- Escape Severity:
Compliance¶
- OWASP: API8:2023
- OWASP LLM: LLM05:2023
- pci: 6.1
- gdpr: Article-32
- soc2: CC9
- psd2: Article-95
- iso27001: A.12.6
- nist: SP800-81-2
- fedramp: SC-20
Classification¶
- CWE: 284
Score¶
- CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CVSS_SCORE: 3.0