This paper undertakes the first systematic exploration of the potential threats posed by DNS glue records, uncovering significant real-world security risks.
Aug 16, 2024
Internal site Search Abuse Promotion (ISAP) is a prevalent Black Hat Search Engine Optimization (SEO) technique, which exploits the reputation of abused internal search websites with minimal effort. To shed light on ISAP risks, we established a collaboration with Baidu, a leading search engine in China..
Aug 16, 2024
In this paper, we uncover a novel attack surface, named XDAuth, arising from public authoritative nameserver infrastructure's failure to isolate data across zones adequately. This flaw enables adversaries to inject arbitrary resource records across logical authority boundaries and covertly hijack domain names without authority.
Aug 16, 2024