I saw an interesting tweet: ‏@iJamieH regarding some cool DNS XSS! *well, "cool" if you are a nerd that is* (This is the link in the tweet). I thought it was so cool I had to try it too! *wohooo script kiddy!*

DNS XSS

It seems there are sites that reads the TXT field/value of the DNS entry. Like DNS Lookup servers/tools. (Or actually, MX, CNAME, and NS are also used) Now, if this text is interpreted in a browser, the "fun" starts.

As a example, see the link above (link). I tried this on one of my domains (egedi.me) by simple adding a TXT with a value type of something "fun": egedi.me
Behold the unicorns! And the YouTube-video... :) Well, I didn't give so much time so the script isn't perfect...you might need to reload the txt to see the unicorns in FF eg.

Fun stuff! That is all.

comments powered by Disqus