Stuffing JavaScript into DNS TXT Records

This is from the slightly interesting notebook.

~

This is from the slightly interesting notebook.

If you check out the TXT record for dor.ky you’ll see there is a record

stuffed with Javascript, which will fire in a lot of whois web services.

scott$   dig txt dor.ky @sam.ns.cloudflare.com

;; QUESTION SECTION:
;dor.ky.                IN  TXT

;; ANSWER SECTION:
dor.ky.            300 IN  TXT "<script type='text/javascript'>alert('This is from a DNS record!');</script>"

You can see this firing in action over at http://mxtoolbox.com/SuperTool.aspx?action=txt%3ador.ky, I’m not picking on them specifically, there were a number of online tools that were vulnerable to this.

I’d be interested to see if you have any more creative ideas on what we can do with this.


~

Comments