PowerDNS Recursor is a high-end, high-performance resolving name server that powers the DNS resolution of at least a hundred million subscribers. The “Recursor” is one of two name server products whose primary goal is to act as resolving DNS server. On Aug. 7, 2017, I reported an XSS (cross-site scripting) vulnerability to PowerDNS and its Security Team. They assigned it the identifier CVE-2017-15092. In this report I will explain how I was able to identify and trigger the vulnerability.
Article Link: https://blog.fortinet.com/2017/12/02/powerdns-recursor-html-script-injection-vulnerability-a-walkthrough