Who.is does the Harlem Shake

  • 22 September 2014

By Darren Pauli, 22 Sep 2014
Websites across the internet are doing the Harlem Shake after online comedians began exploiting cross-site scripting (XSS) flaws that make pages dance and speakers blare.
The flaws exist in the DNS text record – not the protocol – due to a lack of sanitisation, and allowed internet scamps to turn boring websites like Who.is into text-wobbling, screen-flashing dance parties.
A registrant of the domain that pulled off the stunt noticed the flaw and dropped <script> and <iframe> tags into TXT records, which were loaded by Who.is and MxToolbox.
The record type could store arbitrary text linked to a domain that would be improperly executed, allowing hackers to pull off XSS attacks.
"The DNS protocol is not vulnerable in this instance – the attack is the result of a vulnerability in the web application and how it parses the results from the DNS query," NCC Group Asia Pacific managing director Wade Alcorn said.
 
The Register/ full article and video here/ http://www.theregister.co.uk/2014/09/22/whois_does_the_harlem_shake/
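
The flaw described above, shown as an added example (not code from the article, Who.is or MxToolbox): a lookup page that pastes TXT record text straight into HTML, next to the output-encoded version. The function names and the sample records are constructed for illustration.

```python
import html
import re

# Constructed sample: TXT values as a DNS lookup tool might receive them.
SAMPLE_TXT = [
    "v=spf1 include:_spf.example.com ~all",
    '<script src="https://example.invalid/shake.js"></script>',
    '<iframe src="https://example.invalid/video"></iframe>',
]

# Loose match for anything that looks like the start of an HTML tag.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]")


def decode_txt(raw: bytes) -> str:
    """TXT data is arbitrary bytes: decode leniently, replace control characters."""
    text = raw.decode("utf-8", errors="replace")
    return "".join(ch if ch.isprintable() else "\ufffd" for ch in text)


def render_unsafe(records):
    """The flawed pattern: record text is concatenated into the page as-is,
    so any tags in the record become part of the page's markup."""
    return "".join(f"<tr><td>{r}</td></tr>" for r in records)


def render_safe(records):
    """Output-encode every value for the HTML context before it is emitted.
    The record is still displayed in full, but as text rather than markup."""
    return "".join(
        f"<tr><td>{html.escape(r, quote=True)}</td></tr>" for r in records
    )


def flag_markup(records):
    """Return the records that contain tag-like text, e.g. for logging.
    Detection only; the encoding in render_safe is what prevents execution."""
    return [r for r in records if MARKUP.search(r)]


if __name__ == "__main__":
    print(render_safe(SAMPLE_TXT))
    print(flag_markup(SAMPLE_TXT))
```

Encoding at output time keeps ordinary records such as SPF strings readable and unchanged, while tags stored in a TXT record are shown to the visitor as literal text.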
 
 
