Sign in to follow this  
Followers 0
systems_glitch

XSS via DNS

1 post in this topic

Apparently someone else thought about this a few years ago, but I was working on my Dynamic DNS project last night and thought, how many websites grab DNS or reverse DNS information and just pass it to the browser, unescaped? Apparently nonzero:

 

https://dig.whois.com.au/dig/hax.bv.theglitchworks.net

 

Click the button :)

 

The following site works for both forward lookup on hax.bv.theglitchworks.net and reverse lookup on 2001:470:1f07:b75::1337

 

http://www.webdnstools.com/dnstools/dns-lookup-ipv6

 

Another example of how no external data should ever be trusted!

1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0