[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Arin.net XSS

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: RE: [Full-disclosure] Arin.net XSS
From: Steven Rakick <stevenrakick@xxxxxxxxx>
Date: Fri, 3 Mar 2006 13:51:37 -0800 (PST)

WHO CARES?! YES WE ALL KNOW JS WILL RUN WITH HTML
ENTITIES UNDER MANY STRANGE CIRCUMSTANCES. BROWSER
SUPPORT IS WELL DOCUMENTED ON MANY XSS FOR DUMMIES
SITES (http://ha.ckers.org/xss.html).

This is a complete waste of peoples time, bandwidth
and storage.


-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On
Behalf Of php0t
Sent: Friday, March 03, 2006 4:29 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: RE: [Full-disclosure] Arin.net XSS


  Yes, because firefox probably doesn't execute
javascript if the location is in an IMG tag.
I don't know why they posted that in the first place.

Here's a link that will probably work under both
browsers

http://ws.arin.net/whois/?queryinput=%3Cscript%3Ealert('666')%3C/script%
3E

> Right,
>    Did this ever work? This fails for me man. How
did you verify it?


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Arin.net XSS
Next by Date: Re: [Full-disclosure] Using domain whois information for fun and profit
Previous by thread: Re: [Full-disclosure] Re: Arin.net XSS
Next by thread: [Full-disclosure] Mobile Devices- Security Resouces links and Tools
Index(es):
- Date
- Thread