Cross-site Scripting via WHOIS and DNS Records
Published in
Nov 24, 2020
On a whim, I tossed this into the address field of the registrant data of a domain so it’d appear in whois records: <script>alert(1);</script>
. I figured, what the heck, let’s toss it in a DNS TXT record as well. Nothing new or novel. Nothing clever. Nothing remotely interesting… but endlessly entertaining.
Thank you for coming to my TED talk. More info here: https://www.tenable.com/security/research/tra-2020-64