[cnvogel]

Whenever you have credentials stored on the same host as the dns frontend. I imagine that a few domain-registrars will have similar tools available on their servers, so that users can check data on their own domains.

Imagine being logged in as your hostmaster account on http://your-registrar.com/, and having a malicious website redirect you to http://your-registrar.com/webtools/nslookup-tool.php?domain=....