DNS rebinding works as :
DNS rebinding is a technique used by attackers to trick your web browser into making requests to a malicious server without your knowledge.
Attacker Sets Up Domain: The attacker creates a domain, like attacker.com, and controls a DNS server.
Short TTL Record: The attacker configures the DNS server to respond with a very short Time-To-Live (TTL) record. This prevents your browser from remembering the DNS response for a long time.
Victim Accesses Malicious Domain: When you visit a website associated with the attacker’s domain, the DNS server controlled by the attacker responds with the IP address of a server hosting malicious code (like JavaScript or Flash).
Malicious Code Executed: Your browser executes the malicious code, which may perform harmful actions on your computer.
Code Accesses Original Domain: The malicious code makes additional requests to the original domain (attacker.com). This is allowed by the same-origin policy, a security measure in web browsers.
New DNS Request: The browser, following the same-origin policy, makes a new DNS request for the original domain. However, the attacker’s DNS server replies with a new IP address.
IP Address Change: The new IP address could be an internal one or that of a different target, allowing the attacker to direct your browser to interact with other systems, potentially exploiting vulnerabilities.