BerandaComputers and TechnologyCross-Site Scripting via Whois and DNS Records

Cross-Site Scripting via Whois and DNS Records

James Sebree

Nov 24

·

1

min read

On a whim, I tossed this into the address field of the registrant data of a domain so it’d appear in whois records: . I figured, what the heck, let’s toss it in a DNS TXT record as well. Nothing new or novel. Nothing clever. Nothing remotely interesting… but endlessly entertaining.

Image for post

Image for post

XSS via domain.me’s WHOIS lookup tools

Image for post

Image for post

XSS via dnslookup.online’s DNS lookup tool

Image for post

Image for post

XSS via kdmarc.com’s DNS lookup tool

Image for post

Image for post

XSS via network-tools.com WHOIS lookup tool

Thank you for coming to my TED talk. More info here: https://www.tenable.com/security/research/tra-2020-64

Read More

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments