As Software-as-a-Service becomes an increasingly popular business model, network administrators and application maintainers are left trying to integrate third-party sites with their own. A common convention for doing so is to configure DNS servers, creating A or CNAME records that point to the third-party site's server. While this may ease the integration process, many of the client-side web technologies we use make trust decisions based on these DNS records, and records pointed at poorly configured systems can be used to leak data and compromise even the strongest of web applications. These vulnerabilities are remarkably common, and many have not been formally addressed. This paper will include demonstrations of attacks on high-profile websites, as well as a discussion of mitigation methods.
Check also: Cross-subdomain Cookie Attacks