Authentication / Cross-Domain Script Include
Cross-domain script include is a type of authentication vulnerability that occurs when a web application allows malicious scripts to be included from a different domain. An included script runs with the privileges of the page that includes it, whatever domain it was loaded from, so this type of vulnerability can allow attackers to bypass access controls, such as the same-origin policy, and access sensitive data from the victim’s domain. This vulnerability is identified in the Common Weakness Enumeration (CWE) as CWE-95: Improper Neutralization of Script-Related HTML Tags in a Web Page. Further information on this type of vulnerability can be found in the Open Web Application Security Project (OWASP) Testing Guide.
Cross-domain script include is considered a high-severity security risk. Attackers could use this vulnerability to bypass access control measures and gain access to sensitive data and resources on the victim’s domain. This could lead to data exfiltration, malicious code injection, and other malicious activities.
One way to avoid this vulnerability is to ensure that all scripts are included from a single trusted domain. The web application should also be configured to validate all requests for scripts and only allow trusted scripts to be included. Additionally, the same-origin policy should be enforced on all scripts. This policy allows scripts to be included only from the same origin, preventing malicious scripts from being included from different domains.
The following code is an example of a vulnerable cross-domain script include.
This code includes a malicious script from the domain example.com, which is different from the current domain. This would allow an attacker to bypass the same-origin policy, potentially allowing them to access sensitive data and resources.
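One way to check the mitigation described above, as an added example that is not code from the original page: it lists every `<script src>` in a page, flags those whose origin is neither the page's own nor on a trusted allowlist, and builds the matching `Content-Security-Policy` `script-src` value. The function names, origins and sample HTML are constructed for illustration.

```javascript
// Added example: audit <script src> includes against an allowlist of trusted origins.
// All origins, URLs and HTML below are constructed sample values.

// Return every external script include in `html`, resolved against `pageUrl`.
function findScriptIncludes(html, pageUrl) {
  const includes = [];
  // Matches opening <script ...> tags; enough for an audit pass, not a full HTML parser.
  const tagRe = /<script\b([^>]*)>/gi;
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const [, attrs] of html.matchAll(tagRe)) {
    const m = srcRe.exec(attrs);
    if (!m) continue; // inline script, no remote include
    const raw = m[1] ?? m[2] ?? m[3];
    try {
      // Resolves relative and protocol-relative (//host/x.js) URLs as a browser would.
      includes.push({ raw, origin: new URL(raw, pageUrl).origin });
    } catch {
      includes.push({ raw, origin: null }); // unparsable src: treat as untrusted
    }
  }
  return includes;
}

// Flag includes whose origin is neither the page's own nor on the allowlist.
function auditScripts(html, pageUrl, trustedOrigins = []) {
  const allowed = new Set([new URL(pageUrl).origin, ...trustedOrigins]);
  return findScriptIncludes(html, pageUrl).filter((s) => !allowed.has(s.origin));
}

// Build a CSP header value so the browser enforces the same allowlist.
function buildCsp(trustedOrigins = []) {
  return ["script-src 'self'", ...trustedOrigins].join(" ");
}

// Constructed sample page, assumed to be served from https://app.example.org
const PAGE_URL = "https://app.example.org/account";
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="//example.com/widget.js"></script>
<script SRC='http://app.example.org/legacy.js'></script>
<script>console.log("inline");</script>`;

const findings = auditScripts(SAMPLE_HTML, PAGE_URL, ["https://cdn.example.net"]);
for (const f of findings) console.log(`untrusted include: ${f.raw} (${f.origin})`);
console.log("Content-Security-Policy:", buildCsp(["https://cdn.example.net"]));
```

The `http://` include on the page's own host is flagged because an origin is the scheme, host and port together, so a plain-HTTP copy of the same site is a different origin.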