CORSICA: Cross-Origin Web Service Identification
Christian Dresen, Fabian Ising, Damian Poddebniak, Tobias Kappert, Thorsten Holz, Sebastian Schinzel
ACM Asia Conference on Computer & Communications Security (ASIACCS), Taipei, Taiwan, June 2020
We implement and test these techniques in a tool called CORSICA. It can successfully identify 31 of 42 (74%) of web services running on different IoT devices as well as the version numbers of the four most widely used content management systems WordPress, Drupal, Joomla, and TYPO3. CORSICA can also determine the patch level on average down to three versions (WordPress), six versions (Drupal), two versions (Joomla), and four versions (TYPO3) with only ten requests on average. Furthermore, CORSICA is able to identify 48 WordPress plugins containing 65 vulnerabilities. Finally, we analyze mitigation strategies and show that the proposed but not yet implemented strategies Cross-Origin Resource Policy (CORP) and Sec-Metadata would prevent our identification techniques.