DNS Rebinding - How DNS Rebinding Works

The attacker registers a domain (such as attacker.com) and delegates it to a DNS server he controls. The server is configured to respond with records that have a very short time to live (TTL), preventing the response from being cached. When the victim browses to the malicious domain, the attacker's DNS server first responds with the IP address of a server hosting the malicious client-side code. For instance, he could point the victim's browser to a website that contains malicious JavaScript or Flash.

The malicious client-side code then makes further requests to the original domain name (such as attacker.com). The same-origin policy permits these, because it compares the host name rather than the IP address behind it. However, when the victim's browser runs the script, it makes a new DNS request for the domain, and the attacker replies with a new IP address. For instance, he could reply with an internal IP address or the IP address of a target somewhere else on the Internet.
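The sequence described above leaves a recognisable trace in resolver logs: one name, served with a very short TTL, answers first with an external address and shortly afterwards with an internal one. The following detection sketch is an added example, not part of the original page; the log tuple format, the `max_ttl` threshold and all addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Ranges a public name should never resolve to (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed resolver log: (epoch seconds, query name, TTL, answer address).
SAMPLE_LOG = [
    (1000, "www.example.org", 3600, "198.51.100.7"),
    (1002, "attacker.com", 1, "203.0.113.10"),
    (1009, "attacker.com", 1, "192.168.1.1"),
    (1015, "intranet.example.org", 300, "10.0.0.5"),
    (1020, "www.example.org", 3600, "198.51.100.7"),
]

def is_internal(addr):
    """True if addr falls inside one of the internal ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_rebinding(log, max_ttl=60):
    """Return names that flip from an external to an internal address
    while the internal answer carries a TTL at or below max_ttl."""
    history = defaultdict(list)
    for ts, name, ttl, addr in sorted(log):
        history[name.lower().rstrip(".")].append((ts, ttl, addr))
    findings = []
    for name, answers in history.items():
        seen_external = None  # most recent external answer for this name
        for ts, ttl, addr in answers:
            if not is_internal(addr):
                seen_external = (ts, addr)
            elif seen_external and ttl <= max_ttl:
                findings.append({"name": name, "first": seen_external[1],
                                 "rebound_to": addr,
                                 "seconds_apart": ts - seen_external[0]})
                break
    return findings

if __name__ == "__main__":
    for finding in find_rebinding(SAMPLE_LOG):
        print(finding)
```

A name that only ever resolves to internal addresses, such as the constructed `intranet.example.org`, is not flagged; only the external-to-internal flip is.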
