Results for DNS resolution

Threat Research

PowerDNS Recursor HTML/Script Injection Vulnerability – A Walkthrough

PowerDNS Recursor is a high-end, high-performance resolving name server that powers the DNS resolution of at least a hundred million subscribers. The “Recursor” is one of two name server products whose primary goal is to act as resolving DNS server. On Aug. 7, 2017, I reported an XSS (cross-site scripting) vulnerability to PowerDNS and its Security Team. They assigned it the identifier CVE-2017-15092. In this report I will explain how I was able to identify and trigger the vulnerability.

By Chris NavarreteDecember 02, 2017