Xss via dns
-
From reddit:
[s]http://who.is/dns/jamiehankins.co.uk[/s] (Fixed now)
Next site that is vulnerable!
http://mxtoolbox.com/SuperTool.aspx?action=txt%3Ajamiehankins.co.uk&run=toolpage
Edit, another site!
http://www.reddit.com/r/programming/comments/2gs2c3/dns_txt_record_xss/
-
Now that is something to behold.
-
Nice. Now profile it using google analytics in the DNS text/script.
-
Isn't that SOP for ISPs these days?
-
Oh boy...
http://mxtoolbox.com/SuperTool.aspx?action=txt%3Ajamiehankins.co.uk&run=toolpage# is even worse.. It seems a new instance is added to the page each time, slowing it to a crawl.
-
It would appear to have been fixed now though...?
-
The title is pretty misleading here. It's just Yet Another Website Doesn't Sanitize Freeform User Input bug. Nothing inherent in the DNS system.
-
Correct, but the delivery method - via DNS - is definitely unusual. I wonder how many WHOIS sites are actually vulnerable.
-
It's not misleading. I said via.
Webster's dictionary defines via as:
1: by way of
2: through the medium or agency of
If I said XSS IN DNS, then that's misleading.
-
Fun fact, who.is is using PHP. You can confirm this by going to "index.php" and getting their search page but if you type index2.php you get a 404 error.
So somebody learned:
- Never trust any input
- What is htmlentities?
-
Oh look at that, an SSL cert site is vulnerable
-
Fun fact, who.is is using PHP. You can confirm this by going to "index.php" and getting their search page but if you type index2.php you get a 404 error.
So somebody learned:
- Never trust any input
- What is htmlentities?
I'd settle for htmlspecialchars() personally, don't need to wrangle everything into entities.
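The bug the thread is describing (a lookup tool dropping raw TXT record text into its HTML page) and the escaping choice discussed above, as an added illustration that is not code from any of the posters or from the sites mentioned. It is written in Python rather than PHP so it runs stand-alone; `html.escape` plays the role of `htmlspecialchars()` here (it encodes `& < > " '`, which is what the text and quoted-attribute contexts need), not `htmlentities()`. The TXT records are constructed sample values, not anything observed in a real zone, and the function names are my own.

```python
import html

# Constructed sample TXT records, roughly what a lookup tool would get back
# for a domain. The second one is the kind of payload the thread is about;
# it is a constructed illustration, not a record seen in any real zone.
SAMPLE_TXT_RECORDS = [
    "v=spf1 include:_spf.example.net -all",
    '<script>alert("TXT record XSS")</script>',
    'rel="me" href="https://example.org/"',
]


def decode_txt_rdata(rdata: bytes) -> str:
    """TXT rdata is arbitrary bytes under the control of whoever runs the
    zone; decode defensively and never assume it is clean text."""
    return rdata.decode("utf-8", errors="replace")


def render_unsafe(records):
    """The pattern the thread describes: record text interpolated straight
    into the HTML response. Anything the zone owner put in the record,
    including markup, is parsed by the browser of whoever runs the lookup."""
    rows = "".join(f"<tr><td>{r}</td></tr>" for r in records)
    return f"<table>{rows}</table>"


def render_safe(records):
    """Escape on output, in the context the data lands in. html.escape with
    quote=True covers & < > \" and ' which is sufficient for element text and
    for double- or single-quoted attribute values. Encoding every non-ASCII
    character (htmlentities style) adds nothing for safety."""
    rows = "".join(
        f"<tr><td>{html.escape(r, quote=True)}</td></tr>" for r in records
    )
    return f"<table>{rows}</table>"


def render_lookup_link(domain: str) -> str:
    """The queried domain also comes from the user (it arrives in the query
    string), so it needs the same treatment when it is echoed back, here into
    a quoted attribute and into element text."""
    safe = html.escape(domain, quote=True)
    return f'<a href="?action=txt:{safe}">{safe}</a>'


def contains_raw_markup(rendered: str, records) -> bool:
    """Cheap regression check for a template: does any record that contains
    '<' or '>' appear verbatim in the rendered page? If so it was not escaped."""
    return any(("<" in r or ">" in r) and r in rendered for r in records)


if __name__ == "__main__":
    # Running the two renderers side by side shows the difference: the raw
    # <script> element survives in the unsafe page and is entity-encoded in
    # the safe one.
    print(render_unsafe(SAMPLE_TXT_RECORDS))
    print(render_safe(SAMPLE_TXT_RECORDS))
    print(contains_raw_markup(render_unsafe(SAMPLE_TXT_RECORDS), SAMPLE_TXT_RECORDS))
    print(contains_raw_markup(render_safe(SAMPLE_TXT_RECORDS), SAMPLE_TXT_RECORDS))
```

The point generalises beyond TXT records: WHOIS fields, SSL certificate subjects and anything else fetched from a third party on the user's behalf is still untrusted input, and escaping belongs at the output boundary in the context the data is written into, not on the way in.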
-
Youtube for posterity
-
Confirmed:
(Suspected, strips the javascript tag and PHP tags)
also vulnerable.
-
So it looks like MX tried to fix it... but they've actually just leaked shit all over the place.
http://mxtoolbox.com/SuperTool.aspx?action=txt%3Ajamiehankins.co.uk&run=toolpage
-
Bumping this, because several of these sites are still vulnerable.