On this site, we provide a simple online tool to test for some of the vulnerabilities. This test cannot detect all resolver misinterpretation vulnerabilities, as the required queries cannot be triggered with JavaScript in all cases. To test for all vulnerabilities, you can download our test tool or conduct a manual test.
The tests are currently being executed. This process may take several minutes.
The sanity check, which ensures that both of our test servers are reachable, failed. This is required for the test to work; otherwise the results are unusable:
Your resolver is vulnerable to the cnamezero zero injection payload!
This should be mitigated immediately, as it allows a very easy attack. If you cannot change the behaviour of the resolver you are currently using, you should consider switching to another resolver.
This test works by feeding the resolver the following records:
cnamedot.attacker.com. IN CNAME victim.com\000.attacker.com.
victim.com\000.attacker.com. IN A 6.6.6.6
When processing the victim.com\000.attacker.com name, the resolver might confuse it with the legitimate victim.com domain, thereby replacing the IP address for victim.com with the attacker's address (6.6.6.6).
Detailed results for different attack variants:
Your resolver is vulnerable to the cnamedot zero injection payload.
This is not as critical as vulnerability to zero-byte injection, but you might still consider switching to another resolver.
This test works by feeding the resolver the following records:
cnamedot.attacker.com. IN CNAME www\.victim.com.
www\.victim.com. IN A 6.6.6.6
When processing the www\.victim.com name, the resolver might confuse it with the legitimate www.victim.com domain, thereby replacing the IP address for www.victim.com with the attacker's address (6.6.6.6).
Detailed results for different attack variants:
These tests check whether your resolver validates hostnames per RFC 952. Unlike domain names, which can contain arbitrary characters, hostnames are only allowed to contain the characters [0-9a-z-.]. To reduce the chance that an application which is unaware of this is attacked using a domain name containing an injection payload, stub resolvers should therefore filter such names.
/ was not filtered by your resolver.
@ was not filtered by your resolver.
<img/src=''/onerror='alert("xss")'> was not filtered by your resolver.
a'OR''=''-- was not filtered by your resolver.
\027[31\;1\;4mHello\027[0m was not filtered by your resolver.
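The zero-byte and dot misinterpretations and the hostname filter described above, as an added example (not code from this site or its test tool): it decodes wire-format names and contrasts an unescaped, C-string-style conversion with a strict per-label check. All function names and sample names are constructed for illustration; accepting upper-case letters and lower-casing the result is an assumption beyond the [0-9a-z-.] set given above.

```python
import re

# One hostname label: letters, digits, hyphen; 1-63 bytes. The dot is only a separator.
LABEL_RE = re.compile(rb"[0-9A-Za-z-]{1,63}")

def wire(*labels):
    """Build an uncompressed wire-format name from raw labels (constructed input)."""
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def decode_wire_name(buf):
    """Split an uncompressed wire-format name into raw labels."""
    labels, pos = [], 0
    while pos < len(buf):
        length = buf[pos]
        pos += 1
        if length == 0:
            return labels
        if length > 63 or pos + length > len(buf):
            raise ValueError("bad label length or compression pointer")
        labels.append(buf[pos:pos + length])
        pos += length
    raise ValueError("name is missing its root label")

def naive_to_string(labels):
    """Misinterpretation: join labels unescaped, then cut at NUL like a C string."""
    return b".".join(labels).split(b"\x00", 1)[0].decode("latin-1")

def safe_hostname(labels):
    """Return the lower-cased hostname, or None if any label is not hostname-safe."""
    if not labels or not all(LABEL_RE.fullmatch(l) for l in labels):
        return None
    return b".".join(labels).decode("ascii").lower()

# Constructed samples mirroring the records and payloads shown on this page.
SAMPLES = {
    "zero": wire(b"victim", b"com\x00", b"attacker", b"com"),  # victim.com\000.attacker.com.
    "dot": wire(b"www.victim", b"com"),                        # www\.victim.com.
    "xss": wire(b"<img/src=''/onerror='alert(\"xss\")'>", b"attacker", b"com"),
    "good": wire(b"www", b"victim", b"com"),
}

if __name__ == "__main__":
    for tag, buf in SAMPLES.items():
        labels = decode_wire_name(buf)
        print(tag, repr(naive_to_string(labels)), safe_hostname(labels))
```

The naive conversion maps both crafted names onto the victim's name, while the per-label check rejects them before any string is built.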
In case you are interested, you can look at the raw test result data here.