[dns-operations] dnsxss.

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Aug 27 09:14:41 UTC 2012

On Mon, Aug 27, 2012 at 09:05:05AM +0000,
 Dobbins, Roland <rdobbins at arbor.net> wrote 
 a message of 16 lines which said:

> <http://www.skullsecurity.org/blog/2010/stuffing-javascript-into-dns-names>

Funny but I'm not sure it is really useful for attacks in
practice. Several technical errors in the article (such as when it
says spaces do not work in DNS records). Anyway, it is a good
opportunity to remind Web developers that output should always be done
through a templating system, not with print()

More information about the dns-operations mailing list