DNS as an attack vector

Here's a weird idea: stuffing JavaScript into DNS to attack browsers. (via Hacker News)

7 Responses to “DNS as an attack vector”

  1. digi_owl says:

    So basically the issue is that if you fire up a web service that does DNS lookups for you (I’ll stick to nslookup or dig, thanks), said service may not bother to sanity check the response before mixing it with the result display template. I do wonder how much DNSSEC affects this.

    • hassenpfeffer says:

      It’s whether the same exploit can be used in REVERSE DNS lookups that has the discoverer concerned, as that would open practically any web server to badness. I think his secondary concern of SQL injections is interesting but less likely to cause any real mischief.

      • digi_owl says:

        The response would still have to hit an HTML engine somehow to be effective tho, right?

      • JM Ibanez says:

        How would it affect a web server? As far as I can tell, the worst that can happen is that you’d have a JavaScript scriptlet in your logs; if your log viewer doesn’t sanitize its inputs, yeah. But how would it open “practically any web server to badness”?

  2. hassenpfeffer says:

    JavaScript: is there ANY evil it can’t be used for?
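
The case discussed in the first comment thread, a lookup page or log viewer that drops DNS answer data into HTML unchecked, shown as an added example (not code from the post or the linked article). All function names and record values are hypothetical and constructed for illustration.

```python
import html
import re

# Constructed sample answers, as a lookup tool might receive them from a
# resolver. DNS itself does not restrict TXT data or label bytes to
# HTML-safe characters, so both must be treated as untrusted input.
SAMPLE_TXT = ["v=spf1 -all", "<script>alert(1)</script>"]
SAMPLE_PTR = "host-<img src=x onerror=alert(1)>.example.net"

# Letters-digits-hyphen hostname syntax: labels of 1-63 characters that do
# not start or end with a hyphen, optional trailing dot.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(r"(?:%s\.)*%s\.?" % (_LABEL, _LABEL))


def is_ldh_hostname(name):
    """True only if name is a syntactically plain hostname."""
    return len(name) <= 253 and _HOSTNAME.fullmatch(name) is not None


def render_unsafe(query, records):
    """The flawed pattern: answer data is mixed straight into the template."""
    items = "".join("<li>%s</li>" % r for r in records)
    return "<h1>Results for %s</h1><ul>%s</ul>" % (query, items)


def render_safe(query, records):
    """Same template, with every untrusted value HTML-escaped on output."""
    items = "".join("<li>%s</li>" % html.escape(r, quote=True) for r in records)
    return "<h1>Results for %s</h1><ul>%s</ul>" % (
        html.escape(query, quote=True), items)


def ptr_for_log(ptr_name):
    """Reverse-DNS names go into logs only if they look like hostnames."""
    return ptr_name if is_ldh_hostname(ptr_name) else "invalid-ptr"


if __name__ == "__main__":
    print(render_unsafe("example.net", SAMPLE_TXT))
    print(render_safe("example.net", SAMPLE_TXT))
    print(ptr_for_log(SAMPLE_PTR), ptr_for_log("mail.example.net"))
```

Validation at the point of logging does not replace escaping in the log viewer; the viewer still has to encode whatever it displays.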
