Content Delivery Networks (CDNs) offer a protection layer for enhancing the security of websites. However, a significant security flaw named Absence of Domain Verification (DVA) has recently emerged. Although this threat is recognized, the current practices and security flaws of domain verification strategies in CDNs have not been thoroughly investigated. In this paper, we present DVAHunter, an automated system for detecting DVA vulnerabilities that can lead to domain abuse in CDNs. Our evaluation of 45 major CDN providers reveals the prevalence of DVA: most (39/45) providers do not perform any verification, and even those that do remain exploitable. Additionally, we used DVAHunter to conduct a large-scale measurement of 89M subdomains from Tranco's Top 1M sites hosted on the 45 CDNs under evaluation. Our focus was on two primary DVA exploitation scenarios: covert communication and domain hijacking. We identified over 332K subdomains vulnerable to domain abuse. This tool provides deeper insights into DVA exploitation and allows us to propose viable mitigation practices for CDN providers. To date, we have received vulnerability confirmations from 12 providers; 6 (e.g., Edgio, Kuocai) have implemented fixes, and 1 (ChinaNetCenter) is actively working on solutions based on our recommendations.