Stuffing JavaScript into DNS TXT Records

This is from the slightly interesting notebook.

If you check out the TXT record for dor.ky, you’ll see there is a record stuffed with JavaScript, which will fire in a lot of whois web services.

scott$ dig txt dor.ky @sam.ns.cloudflare.com

;; QUESTION SECTION:
;dor.ky. IN TXT

;; ANSWER SECTION:
dor.ky. 300 IN TXT "<script type='text/javascript'>alert('This is from a DNS record!');</script>"

You can see this firing in action over at http://mxtoolbox.com/SuperTool.aspx?action=txt%3Ador.ky. I’m not picking on them specifically; there were a number of online tools that were vulnerable to this.

I’d be interested to see if you have any more creative ideas on what we can do with this.
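
For anyone running a lookup tool, the fix is to treat TXT data as untrusted input and encode it on output. The following is an added example, not code from the original post or from any of the tools mentioned: it parses the answer line shown above and renders it as an HTML table row, once by plain concatenation and once with output encoding. The function names and the table-row markup are assumptions made for illustration.

```javascript
// Constructed sample: the answer line from the dig output above.
const SAMPLE_ANSWER =
  `dor.ky. 300 IN TXT "<script type='text/javascript'>alert('This is from a DNS record!');</script>"`;

// Parse one dig-style TXT answer line: name, TTL, class, type, then one or
// more double-quoted character-strings, which are concatenated.
function parseTxtAnswer(line) {
  const m = /^(\S+)\s+(\d+)\s+IN\s+TXT\s+(.*)$/.exec(line.trim());
  if (!m) throw new Error('not a TXT answer line');
  const parts = [];
  const quoted = /"((?:[^"\\]|\\.)*)"/g;
  let q;
  while ((q = quoted.exec(m[3])) !== null) {
    // dig escapes embedded quotes and backslashes as \" and \\
    parts.push(q[1].replace(/\\(["\\])/g, '$1'));
  }
  return { name: m[1], ttl: Number(m[2]), text: parts.join('') };
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumed behaviour of an affected tool: record data concatenated into markup.
function renderRowUnsafe(rec) {
  return `<tr><td>${rec.name}</td><td>${rec.ttl}</td><td>${rec.text}</td></tr>`;
}

// Hardened form: every DNS-derived string is encoded at the point of output.
function renderRowSafe(rec) {
  return `<tr><td>${escapeHtml(rec.name)}</td><td>${rec.ttl}</td>` +
         `<td>${escapeHtml(rec.text)}</td></tr>`;
}

const record = parseTxtAnswer(SAMPLE_ANSWER);
console.log(renderRowUnsafe(record)); // markup contains a <script> element
console.log(renderRowSafe(record));   // same text, shown as literal characters
```

The same encoding applies to every other field a resolver hands back (names, MX and CNAME targets, SOA contacts), since all of it is controlled by whoever owns the zone.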