DNS TXT XSS vulnerability affects many websites


A number of websites across the internet are doing the text shake after online comedians began exploiting an XSS flaw that makes pages dance and speakers blare. Here is an example of one of the affected pages:

The flaws lie in how DNS TXT record contents are handled – not in the protocol – due to a lack of sanitization, and allowed internet scamps to turn boring websites like Who.is into a text-wobbling, screen-flashing party.

A registrant of the domain noticed the flaw and dropped <script> and <iframe> tags into TXT records, which were loaded by Who.is and MxToolbox.

The record type can store arbitrary text linked to a domain; when a lookup site inserted that text into its page without escaping it, the browser treated it as markup, allowing hackers to pull off XSS attacks.

“The DNS protocol is not vulnerable in this instance – the attack is the result of a vulnerability in the web application and how it parses the results from the DNS query,” NCC Group Asia Pacific managing director Wade Alcorn said.

“A web application firewall would not have prevented this attack. This scenario emphasises the need for secure coding practices and that all inputs to an application should defend against attackers.”
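To illustrate the coding flaw described above, here is an added example (not code from Who.is, MxToolbox or the original article) of a lookup page that builds HTML from TXT record text, first without and then with output encoding. The function names and the sample record bytes are constructed for illustration.

```python
import html


def parse_txt_rdata(rdata: bytes) -> list[str]:
    """Split TXT RDATA into its length-prefixed character-strings (RFC 1035, 3.3.14)."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1 : i + 1 + n]
        if len(chunk) != n:
            raise ValueError("truncated TXT character-string")
        # TXT data is arbitrary bytes chosen by the registrant: decode leniently
        # so malformed input cannot crash the page, and never assume it is "just text".
        strings.append(chunk.decode("utf-8", errors="replace"))
        i += 1 + n
    return strings


def render_unsafe(domain: str, txt_strings: list[str]) -> str:
    # Flawed pattern: record text is concatenated straight into markup,
    # so any tags in the record become part of the page.
    rows = "".join(f"<tr><td>{domain}</td><td>{s}</td></tr>" for s in txt_strings)
    return f"<table>{rows}</table>"


def render_safe(domain: str, txt_strings: list[str]) -> str:
    # Fix: HTML-encode every DNS-derived value at the point of output.
    rows = "".join(
        f"<tr><td>{html.escape(domain)}</td><td>{html.escape(s)}</td></tr>"
        for s in txt_strings
    )
    return f"<table>{rows}</table>"


def _cs(value: bytes) -> bytes:
    """Build one length-prefixed character-string (helper for the sample data)."""
    return bytes([len(value)]) + value


# Constructed sample: one ordinary SPF string plus two strings carrying tags.
SAMPLE_RDATA = (
    _cs(b"v=spf1 -all")
    + _cs(b"<script>alert(1)</script>")
    + _cs(b'<iframe src="x"></iframe>')
)

if __name__ == "__main__":
    records = parse_txt_rdata(SAMPLE_RDATA)
    print(render_unsafe("example.test", records))
    print(render_safe("example.test", records))
```

The same encoding applies to every field a lookup tool displays from DNS, since all of it is controlled by whoever owns the queried domain.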


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
