Skip to main content

Q: What vulnerabilities can be exploited with DNS exfiltration?

A: DNS exfiltration can be used to exploit various vulnerabilities:

  1. SQL Injection: To exfiltrate sensitive data from a database when direct output is not possible.
  2. Cross-Site Scripting (XSS): To send stolen cookies or other session data to the attacker's DNS server.
  3. XML External Entity (XXE) Injection: To exfiltrate internal files and data via DNS queries.
  4. DNS Spoofing/Hijacking: To redirect legitimate traffic to a malicious server.
  5. General XSS: As a stealthy way to transfer data to an attacker-controlled server.
  6. Denial of Service (DoS): To exhaust a target's DNS resources.