
External Service Interaction vulnerability discovered in the U.S. Department of Defense (now patched)

Target: U.S. Department of Defense

Summary

An External Service Interaction vulnerability (DNS and HTTP) was identified on the domain www.█████████.

Burp Collaborator Results:

DNS request received from: ████████
HTTP request received from: ███

Impact

The External Service Interaction vulnerability occurs when an attacker can induce an application to interact with arbitrary external services such as DNS or HTTP. This can also extend to other services like FTP, SMTP, etc.

Potential impacts include:

DDoS Attacks: Exploiting the interaction to flood external