by kazinator
4292 days ago
Since there is very little discussion in the link, pardon me for stating what may be obvious to some, but not necessarily everyone. The point here is that:

1. DNS TXT records can contain HTML, including scripts and whatever.

2. Domain registrants can publish arbitrary TXT records.

3. TXT records can appear in pages generated by web sites which serve, for instance, as portals for viewing domain registration information, including DNS records such as TXT records.

4. Thus, such sites are vulnerable to perpetrating cross-site-script attacks (XSS) on their visitors if they naively paste the TXT record contents into the surrounding HTML.

5. The victim is the user who executes a query which finds the malicious domain which serves up the malicious TXT record that is interpolated into the displayed results. The user's browser executes the malicious code.

Thus, when you are generating UI markup from pieces, do not trust any data that is pulled from any third-party untrusted sources, including seemingly harmless TXT records.
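The rendering mistake described in the comment above, next to its output-escaped form, as an added example that is not part of the comment or the linked page. It assumes a lookup page that receives each TXT record as a list of raw byte strings; the function names and sample records are hypothetical and constructed for illustration.

```python
import html

# Constructed sample: TXT records as a resolver library might hand them
# over, each record being one or more raw character-strings (made-up values).
SAMPLE_TXT = [
    [b"v=spf1 include:_spf.example.net ~all"],
    [b"<script>alert(document.domain)</script>"],
    [b"<scr", b"ipt>alert(1)</script>"],   # markup split across two strings
    [b"caf\xe9 \x00 note"],                # invalid UTF-8 and a control byte
]

def txt_to_text(chunks):
    """Join a record's character-strings and decode without raising."""
    text = b"".join(chunks).decode("utf-8", errors="replace")
    # Swap non-printable characters for U+FFFD so they cannot disturb
    # the generated markup or anything that later logs it.
    return "".join(c if c.isprintable() else "\ufffd" for c in text)

def render_naive(records):
    """The pattern the comment warns about: record text pasted into HTML."""
    rows = "".join(f"<tr><td>{txt_to_text(r)}</td></tr>" for r in records)
    return f"<table>{rows}</table>"

def render_escaped(records):
    """Same page, with every record HTML-escaped at the point of output."""
    rows = "".join(
        f"<tr><td>{html.escape(txt_to_text(r), quote=True)}</td></tr>"
        for r in records
    )
    return f"<table>{rows}</table>"

if __name__ == "__main__":
    print(render_naive(SAMPLE_TXT))     # contains live <script> elements
    print(render_escaped(SAMPLE_TXT))   # same text, shown as inert characters
```

Escaping is applied after the character-strings are joined, so markup split across strings is neutralized as well.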