CypherGhost wrote: Hmm. How much do you want to bet the dumbasses that did this also left an XSS vulnerability on this web page? If so, they just made it pretty easy to become any host that doesn't exist. I expect you will be "online.bankofamerica.com" and "500dollarcredit.charter.net" before lunch :)
That would be a bad bet to make because it's already been published a few times that this crap leads fairly directly to XSS problems of all sorts. Hell, it could even be argued that returning phony results for subdomains owned by other organizations amounts to things like fraud, trademark dilution, and possibly even sabotage since this is a broken thing to do to otherwise correctly functioning domains owned by someone else. RE: Charter fucks with DNS |