Hacker News
_RPM on Sept 18, 2014 | on: TXT Record XSS
When I went to the page, it started playing music. I find that very frustrating and annoying.
wittrock on Sept 18, 2014
That's the point--who.is won't play music by itself. Its lookup of the DNS records of jaimehawkins.co.uk injected the music into the page.
_RPM on Sept 18, 2014
Oh I see. This makes sense. This doesn't seem challenging to prevent. A simple replacement of characters on the HTML entity table would have prevented this instead of putting arbitrary text onto standard output.
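The output encoding described in the comment above, as an added example that is not part of the original thread and is not who.is's code: a Python sketch that parses TXT RDATA as untrusted bytes and HTML-escapes it before it reaches the page. The function names, the `example.test` zone and the `media.example` host are constructed for illustration.

```python
import html


def parse_txt_rdata(rdata):
    """Split TXT RDATA (RFC 1035: one or more length-prefixed
    <character-string>s) into a list of text chunks."""
    chunks, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError("truncated character-string in TXT RDATA")
        # The zone owner controls these bytes; do not assume valid UTF-8.
        chunks.append(chunk.decode("utf-8", errors="replace"))
        i += 1 + n
    return chunks


def render_unsafe(name, chunks):
    # The flaw under discussion: record text is concatenated into markup,
    # so the browser parses whatever the record contains.
    return "<tr><td>%s</td><td>%s</td></tr>" % (name, " ".join(chunks))


def render_safe(name, chunks):
    # html.escape(quote=True) replaces & < > " ' with entities, so the
    # record is displayed as text in element content and attributes.
    cell = " ".join(html.escape(c, quote=True) for c in chunks)
    return "<tr><td>%s</td><td>%s</td></tr>" % (html.escape(name, quote=True), cell)


def make_rdata(*strings):
    """Helper that builds wire-format RDATA for the sample below."""
    return b"".join(bytes([len(s)]) + s for s in strings)


# Constructed sample record: an SPF string plus a media element.
SAMPLE = make_rdata(b"v=spf1 -all",
                    b'<audio src="//media.example/a.ogg" autoplay>')

if __name__ == "__main__":
    chunks = parse_txt_rdata(SAMPLE)
    print(render_unsafe("example.test", chunks))
    print(render_safe("example.test", chunks))
```

Escaping has to happen at output time for the context the value lands in; the same record placed inside a script block or a URL attribute needs a different encoder.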
finnn on Sept 18, 2014
Correct. The purpose of this post is to demonstrate yet another class of website that does not validate user input.
0x0 on Sept 18, 2014
Yep, missing that is what makes this an "XSS" :)
justin66 on Sept 18, 2014
Yeah... that was actually hugely annoying. A little warning maybe.
hamburglar on Sept 18, 2014
Here's your warning: if you ever click on an HN link titled "<something> XSS", prepare for something annoying to happen.