From 439fd9a1a428e6322b1c01cdf486e221a430003b Mon Sep 17 00:00:00 2001 From: Sourav Chakraborty <123477647+souravvvv123@users.noreply.github.com> Date: Sat, 4 Jan 2025 15:31:10 +0530 Subject: [PATCH] Update other-web-tricks.md added same site scripting --- src/other-web-tricks.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/other-web-tricks.md b/src/other-web-tricks.md index c3487fb11..4de4ec85f 100644 --- a/src/other-web-tricks.md +++ b/src/other-web-tricks.md @@ -36,3 +36,6 @@ Developers might forget to disable various debugging options in the production e {{#include ./banners/hacktricks-training.md}} +### Same-Site Scripting + +It occurs when we encounter a domain or subdomain which resolves to localhost or 127.0.0.1 due to certain DNS misconfigurations.It allows an attacker to cheat the RFC2109 (HTTP State Management Mechanism) same origin restrictions, and therefore hijack state management data. It may also allow cross-site scripting. You can read more about it from [here](https://seclists.org/bugtraq/2008/Jan/270)
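Review bot: the new `### Same-Site Scripting` section is added after the `{{#include ./banners/hacktricks-training.md}}` line, which is the last context line of the hunk, so it will render below the closing banner instead of with the other tricks. Move the three added lines above that include. In the paragraph itself, "misconfigurations.It" is missing a space after the period, and the opening "It occurs when" has no antecedent directly under a heading; starting with "Same-site scripting occurs when a domain or subdomain resolves to localhost or 127.0.0.1" reads better. The link text "here" says nothing about the target; name the Bugtraq post in the link text. Since the section attributes the issue to a DNS misconfiguration, a closing sentence on how to check a zone for records that resolve to loopback would make the entry usable for people auditing their own DNS.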