Full Disclosure mailing list archives
Re: Arin.net XSS
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Mon, 6 Mar 2006 14:18:36 -0000
Michael Holstein wrote:
Here's a link that will probably work under both browsers http://ws.arin.net/whois/?queryinput=%3Cscript%3Ealert('666')%3C/script%3E(Firefox 1.5.0.1 on Linux) No match found for <script>alert('666')</script>.
Works on 1.0.x, I got the popup!
cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Arin.net XSS Terminal Entry (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 03)
- Re: Re: Arin.net XSS Alexander Hristov (Mar 03)
- Re: Re: Arin.net XSS J u a n (Mar 03)
- Re: Re: Arin.net XSS Alexander Hristov (Mar 03)
- Re: Arin.net XSS Steven (Mar 03)
- Re: Arin.net XSS Simon Smith (Mar 03)
- Re: Arin.net XSS Steven (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 06)
- RE: Arin.net XSS php0t (Mar 03)
- Re: Arin.net XSS Michael Holstein (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 06)
- Re: Re: Arin.net XSS Paul Farrow (Mar 06)
- Re: Arin.net XSS Simon Smith (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 03)
- <Possible follow-ups>
- RE: Re: Arin.net XSS Terminal Entry (Mar 03)
- Re: Re: Arin.net XSS Dave Korn (Mar 06)
- Re: Re: Arin.net XSS Morning Wood (Mar 06)
- RE: Re: Arin.net XSS Steven Rakick (Mar 03)
- RE: Arin.net XSS Steven Rakick (Mar 03)