Hacker News new | ask | show | jobs
by iamwil 4292 days ago
How does this work?
3 comments
er0k 4292 days ago 

   jamiehankins.co.uk.	33	IN	TXT	"<script src='//peniscorp.com/topkek.js'></script>"

   jamiehankins.co.uk.	33	IN	TXT	"<iframe width='420' height='315' src='//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=0' frameborder='0' allowfullscreen></iframe>"
link
JamieH 4292 days ago
The TXT record isn't being sanitized so it just echos out the script tag which then loads the JS file.
link
jb55 4292 days ago
Use dig:

$ dig txt jamiehankins.co.uk

https://gist.github.com/440ef567e4bcc8f7ce34

link