[dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure
Peter Koch
pk at DENIC.DE
Tue Dec 4 00:06:50 UTC 2007
> http://www.microsoft.com/technet/security/advisory/945713.mspx
> try, via DNS devolution, to resolve wpad.contoso.co.us. If that is not
> found, it will try to resolve wpad.co.us, which is outside of the
> contoso.co.us domain.
congratulations for only 14 years after publication of RFC 1535 finding out
that DNS tree climbing is a bad idea.
-Peter
More information about the dns-operations
mailing list