{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:49:37Z","timestamp":1750308577646,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,5]],"date-time":"2020-10-05T00:00:00Z","timestamp":1601856000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,5]]},"DOI":"10.1145\/3320269.3372196","type":"proceedings-article","created":{"date-parts":[[2020,10,5]],"date-time":"2020-10-05T16:33:23Z","timestamp":1601915603000},"page":"409-419","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["CORSICA: Cross-Origin Web Service Identification"],"prefix":"10.1145","author":[{"given":"Christian","family":"Dresen","sequence":"first","affiliation":[{"name":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany"}]},{"given":"Fabian","family":"Ising","sequence":"additional","affiliation":[{"name":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany"}]},{"given":"Damian","family":"Poddebniak","sequence":"additional","affiliation":[{"name":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany"}]},{"given":"Tobias","family":"Kappert","sequence":"additional","affiliation":[{"name":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany"}]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Sebastian","family":"Schinzel","sequence":"additional","affiliation":[{"name":"M\u00fcnster University of Applied Sciences, M\u00fcnster, Germany"}]}],"member":"320","published-online":{"date-parts":[[2020,10,5]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3229565.3229568"},{"key":"e_1_3_2_2_2_1","unstructured":"acargu...@gmail.com. 2018. 828265 - MediaError message property leaks cross-origin response status. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=828265.  acargu...@gmail.com. 2018. 828265 - MediaError message property leaks cross-origin response status. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=828265."},{"key":"e_1_3_2_2_3_1","unstructured":"AVM. 2018. No DNS resolution of private IP addresses. https:\/\/en.avm.de\/service\/fritzbox\/fritzbox-7590\/knowledge-base\/publication\/show\/663_No-DNS-resolution-of-private-IP-addresses\/.  AVM. 2018. No DNS resolution of private IP addresses. https:\/\/en.avm.de\/service\/fritzbox\/fritzbox-7590\/knowledge-base\/publication\/show\/663_No-DNS-resolution-of-private-IP-addresses\/."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"crossref","unstructured":"A. Barth. 2011. The Web Origin Concept. http:\/\/tools.ietf.org\/rfc\/rfc6454.txt RFC6454.  A. Barth. 2011. The Web Origin Concept. http:\/\/tools.ietf.org\/rfc\/rfc6454.txt RFC6454.","DOI":"10.17487\/rfc6454"},{"volume-title":"Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS '08)","author":"Barth Adam","key":"e_1_3_2_2_5_1"},{"key":"e_1_3_2_2_6_1","unstructured":"John Bergbom. 2019. Attacking the internal network from the public Internet using a browser as a proxy. https:\/\/www.forcepoint.com\/sites\/default\/files\/resources\/files\/report-attacking-internal-network-en_0.pdf.  John Bergbom. 2019. Attacking the internal network from the public Internet using a browser as a proxy. https:\/\/www.forcepoint.com\/sites\/default\/files\/resources\/files\/report-attacking-internal-network-en_0.pdf."},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"crossref","unstructured":"G. Blanc D. Miyamoto M. Akiyama and Y. Kadobayashi. 2012. Characterizing Obfuscated JavaScript Using Abstract Syntax Trees: Experimenting with Malicious Scripts. In 2012 26th International Conference on Advanced Information Networking and Applications Workshops. IEEE Fukuoka Japan 344--351. https:\/\/doi.org\/10.1109\/WAINA.2012.140  G. Blanc D. Miyamoto M. Akiyama and Y. Kadobayashi. 2012. Characterizing Obfuscated JavaScript Using Abstract Syntax Trees: Experimenting with Malicious Scripts. In 2012 26th International Conference on Advanced Information Networking and Applications Workshops. IEEE Fukuoka Japan 344--351. https:\/\/doi.org\/10.1109\/WAINA.2012.140","DOI":"10.1109\/WAINA.2012.140"},{"key":"e_1_3_2_2_8_1","unstructured":"Jesse Burns. 2007. Cross Site Request Forgery: An introduction to a common web application weakness. http:\/\/www.isecpartners.com\/documents\/XSRF_Paper.pdf  Jesse Burns. 2007. Cross Site Request Forgery: An introduction to a common web application weakness. http:\/\/www.isecpartners.com\/documents\/XSRF_Paper.pdf"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"crossref","unstructured":"K. Egevang and P. Francis. 1994. The IP Network Address Translator (NAT). http:\/\/tools.ietf.org\/rfc\/rfc1631.txt RFC1631.  K. Egevang and P. Francis. 1994. The IP Network Address Translator (NAT). http:\/\/tools.ietf.org\/rfc\/rfc1631.txt RFC1631.","DOI":"10.17487\/rfc1631"},{"key":"e_1_3_2_2_10_1","unstructured":"Jonathan Frederic. 2018. pingjs. https:\/\/github.com\/jdfreder\/pingjs.  Jonathan Frederic. 2018. pingjs. https:\/\/github.com\/jdfreder\/pingjs."},{"volume-title":"Freiling and Sebastian Schinzel","year":"2011","author":"Felix","key":"e_1_3_2_2_11_1"},{"key":"e_1_3_2_2_12_1","unstructured":"Daniel Garcia and @ffranz. 2017. Plecost. https:\/\/github.com\/iniqua\/plecost.  Daniel Garcia and @ffranz. 2017. Plecost. https:\/\/github.com\/iniqua\/plecost."},{"key":"e_1_3_2_2_13_1","unstructured":"gunesacar. 2018. 1450853-MediaError message property leaks cross-origin response status. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1450853  gunesacar. 2018. 1450853-MediaError message property leaks cross-origin response status. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1450853"},{"key":"e_1_3_2_2_14_1","unstructured":"Ruslan Habalov. 2018. Side-channel attacking browsers through CSS3 features. https:\/\/www.evonide.com\/side-channel-attacking-browsers-through-css3-features\/.  Ruslan Habalov. 2018. Side-channel attacking browsers through CSS3 features. https:\/\/www.evonide.com\/side-channel-attacking-browsers-through-css3-features\/."},{"key":"e_1_3_2_2_15_1","unstructured":"Andrew Horton and Brendan Coles. 2010. Whatweb. https:\/\/www.morningstarsecurity.com\/research\/whatweb.  Andrew Horton and Brendan Coles. 2010. Whatweb. https:\/\/www.morningstarsecurity.com\/research\/whatweb."},{"key":"e_1_3_2_2_16_1","unstructured":"Artur Janc. 2018. How do we Stop Spilling the Beans Across Origins? https:\/\/www.arturjanc.com\/cross-origin-infoleaks.pdf.  Artur Janc. 2018. How do we Stop Spilling the Beans Across Origins? https:\/\/www.arturjanc.com\/cross-origin-infoleaks.pdf."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-007-0076-7"},{"key":"e_1_3_2_2_18_1","unstructured":"Kafeine. 2015. An Exploit Kit dedicated to CSRF Pharming. https:\/\/malware.dontneedcoffee.com\/2015\/05\/an-exploit-kit-dedicated-to-csrf.html.  Kafeine. 2015. An Exploit Kit dedicated to CSRF Pharming. https:\/\/malware.dontneedcoffee.com\/2015\/05\/an-exploit-kit-dedicated-to-csrf.html."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-009-0092-3"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.23919\/CYCON.2018.8405025"},{"volume-title":"The Unexpected Dangers of Dynamic JavaScript. In 24th USENIX Security Symposium (USENIX Security 15)","year":"2015","author":"Lekies Sebastian","key":"e_1_3_2_2_21_1"},{"key":"e_1_3_2_2_22_1","unstructured":"Jakob Lell. 2013. Real-World CSRF attack hijacks DNS Server configuration of TP-Link routers. https:\/\/www.jakoblell.com\/blog\/2013\/10\/30\/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2\/.  Jakob Lell. 2013. Real-World CSRF attack hijacks DNS Server configuration of TP-Link routers. https:\/\/www.jakoblell.com\/blog\/2013\/10\/30\/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2\/."},{"key":"e_1_3_2_2_23_1","unstructured":"Mozilla. 2017. Same-origin policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy.  Mozilla. 2017. Same-origin policy. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Same-origin_policy."},{"key":"e_1_3_2_2_24_1","unstructured":"Mozilla. 2019. Function.prototype.toString(). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/JavaScript\/Reference\/Global_Objects\/Function\/toString.  Mozilla. 2019. Function.prototype.toString(). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/JavaScript\/Reference\/Global_Objects\/Function\/toString."},{"key":"e_1_3_2_2_25_1","unstructured":"Netgate. 2018. DNS Rebinding Protections. https:\/\/www.netgate.com\/docs\/pfsense\/dns\/dns-rebinding-protections.html.  Netgate. 2018. DNS Rebinding Protections. https:\/\/www.netgate.com\/docs\/pfsense\/dns\/dns-rebinding-protections.html."},{"key":"e_1_3_2_2_26_1","unstructured":"Petko D. Petkov. 2007. Google Gmail e-mail hijack technique. https:\/\/www.gnucitizen.org\/blog\/google-gmail-e-mail-hijack-technique\/.  Petko D. Petkov. 2007. Google Gmail e-mail hijack technique. https:\/\/www.gnucitizen.org\/blog\/google-gmail-e-mail-hijack-technique\/."},{"key":"e_1_3_2_2_27_1","unstructured":"Rapid 7. 2019. Metasploit Framework. https:\/\/metasploit.com\/.  Rapid 7. 2019. Metasploit Framework. https:\/\/metasploit.com\/."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"crossref","unstructured":"J. Rosenberg R. Mahy P. Matthews and D. Wing. 2008. Session Traversal Utilities for NAT (STUN). http:\/\/tools.ietf.org\/rfc\/rfc5389.txt RFC5389.  J. Rosenberg R. Mahy P. Matthews and D. Wing. 2008. Session Traversal Utilities for NAT (STUN). http:\/\/tools.ietf.org\/rfc\/rfc5389.txt RFC5389.","DOI":"10.17487\/rfc5389"},{"volume-title":"Same-Origin Policy: Evaluation in Modern Browsers. In 26th USENIX Security Symposium (USENIX Security 17)","year":"2017","author":"Schwenk J\u00f6rg","key":"e_1_3_2_2_29_1"},{"key":"e_1_3_2_2_30_1","unstructured":"Selenium. 2018. SeleniumHQ Browser Automation. https:\/\/www.seleniumhq.org.  Selenium. 2018. SeleniumHQ Browser Automation. https:\/\/www.seleniumhq.org."},{"volume-title":"Drive-By Pharming","author":"Stamm Sid","key":"e_1_3_2_2_31_1","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-540-77048-0_38"},{"key":"e_1_3_2_2_32_1","unstructured":"Paul Stone. 2013. Pixel Perfect Timing Attacks with HTML5. https:\/\/www.contextis.com\/media\/downloads\/Pixeltextunderscore Perfect_Timing_Attacks_with_HTML5_Whitepaper.pdf.  Paul Stone. 2013. Pixel Perfect Timing Attacks with HTML5. https:\/\/www.contextis.com\/media\/downloads\/Pixeltextunderscore Perfect_Timing_Attacks_with_HTML5_Whitepaper.pdf."},{"key":"e_1_3_2_2_33_1","unstructured":"The BeEF Project. 2019. BeEF - The Browser Exploitation Framework. https:\/\/beefproject.com\/.  The BeEF Project. 2019. BeEF - The Browser Exploitation Framework. https:\/\/beefproject.com\/."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2015.7266460"},{"key":"e_1_3_2_2_35_1","unstructured":"Anna van Kesteren. 2012. The From-Origin Header. https:\/\/www.w3.org\/TR\/from-origin\/.  Anna van Kesteren. 2012. The From-Origin Header. https:\/\/www.w3.org\/TR\/from-origin\/."},{"key":"e_1_3_2_2_36_1","unstructured":"John Wilander. 2018. Cross-Origin-Resource-Policy (was: From-Origin). https:\/\/github.com\/whatwg\/fetch\/issues\/687.  John Wilander. 2018. Cross-Origin-Resource-Policy (was: From-Origin). https:\/\/github.com\/whatwg\/fetch\/issues\/687."},{"key":"e_1_3_2_2_37_1","unstructured":"World Wide Web Consortium (W3C). 2010. Same Origin Policy. https:\/\/www.w3.org\/Security\/wiki\/Same_Origin_Policy.  World Wide Web Consortium (W3C). 2010. Same Origin Policy. https:\/\/www.w3.org\/Security\/wiki\/Same_Origin_Policy."},{"key":"e_1_3_2_2_38_1","unstructured":"World Wide Web Consortium (W3C). 2018a. onerror Event. https:\/\/www.w3schools.com\/jsref\/event_onerror.asp.  World Wide Web Consortium (W3C). 2018a. onerror Event. https:\/\/www.w3schools.com\/jsref\/event_onerror.asp."},{"key":"e_1_3_2_2_39_1","unstructured":"World Wide Web Consortium (W3C). 2018b. onload Event. https:\/\/www.w3schools.com\/jsref\/event_onload.asp.  World Wide Web Consortium (W3C). 2018b. onload Event. https:\/\/www.w3schools.com\/jsref\/event_onload.asp."},{"volume-title":"The Tangled Web: A Guide to Securing Modern Web Applications","author":"Zalewski Michael","key":"e_1_3_2_2_40_1"}],"event":{"name":"ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"ASIA CCS '20"},"container-title":["Proceedings of the 15th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3320269.3372196","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3320269.3372196","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:04:52Z","timestamp":1750273492000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3320269.3372196"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,5]]},"references-count":40,"alternative-id":["10.1145\/3320269.3372196","10.1145\/3320269"],"URL":"https:\/\/doi.org\/10.1145\/3320269.3372196","relation":{},"subject":[],"published":{"date-parts":[[2020,10,5]]},"assertion":[{"value":"2020-10-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}