DNS Misconfiguration

From Hackipedia
Hackerone #7085
Target: IRCCloud
Target Module:
Type: Best Practice/XSS
Payload:
Original: Link
CVE:
Archive

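IRCCloud had the hostname local.irccloud.com mapped to 127.0.0.1 in public DNS. This made it possible for users to launch same-site scripting attacks: the name belongs to the irccloud.com site, but a browser that resolves it connects to whatever is listening on the visitor's own machine.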


How To Perform

  1. Install the knock Python script
    1. https://github.com/guelfoweb/knock
  2. Perform the scan
  3. Check the results for entries that resolve to localhost/127.0.0.1
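
The same check run from the zone owner's side, as an added example that is not part of the original page: it scans an exported zone for A/AAAA records that point at loopback addresses so they can be removed. The zone text and the example.test names are constructed, and the export is assumed to hold one record per line (name, TTL, class, type, value).

```python
import ipaddress

# Constructed sample zone export for a hypothetical domain; not real data.
SAMPLE_ZONE = """\
; name                  ttl class type  value
www.example.test.       300 IN    A     203.0.113.10
local.example.test.     300 IN    A     127.0.0.1
dev.example.test.       300 IN    AAAA  ::1
mail.example.test.      300 IN    MX    10 mx.example.test.
lo.example.test.        300 IN    A     127.53.0.9
intranet.example.test.  300 IN    A     10.0.0.5
mapped.example.test.    300 IN    AAAA  ::ffff:127.0.0.1
api.example.test.       300 IN    CNAME www.example.test.
"""

def is_loopback(value):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped IPv6 loopback addresses."""
    ip = ipaddress.ip_address(value)
    # IPv6Address exposes ipv4_mapped; IPv4Address does not, hence getattr.
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip).is_loopback

def find_loopback_records(zone_text):
    """Return (name, type, value) for each A/AAAA record pointing at loopback."""
    findings = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 5:
            continue
        name, rtype, value = fields[0], fields[3].upper(), fields[4]
        if rtype not in ("A", "AAAA"):
            continue                            # MX, CNAME etc. carry no address
        try:
            if is_loopback(value):
                findings.append((name.rstrip(".").lower(), rtype, value))
        except ValueError:
            continue                            # malformed address in the export
    return findings

if __name__ == "__main__":
    for name, rtype, value in find_loopback_records(SAMPLE_ZONE):
        print(f"remove from public DNS: {name} {rtype} {value}")
```

The whole 127.0.0.0/8 block is treated as loopback, so records such as 127.53.0.9 are reported as well, while private addresses like 10.0.0.5 are not.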