Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Using domain whois information for fun and profit

From: Steven Rakick <stevenrakick () yahoo com>
Date: Fri, 3 Mar 2006 14:00:01 -0800 (PST)
Let me ask you something.

If I send an email to full disclosure with cookie
theft JS in the body of my message and some Fucktard
email reader executes it, would you blame Mailman or
the Fucktard email reader?

On 2/27/06, Response Team <lolirt () gmail com> wrote:

The whois information for this domain contains a

<script> tag. This means if

you are to view the whois information on any HTML

based page, the script is

executed. 

Registrant:
   DOMIBOT (CAREFREETRAVELMN-COM-DOM) 
   Avenida Caroni 5478
   Colinas Monte, Caracas
   Venezuela
   +1.2085751538
  

<script>open('http://CAREFREETRAVELMN.COM&apos;);</script>

   +1.2085751538 
   domains () domibot com

   Domain Name: CAREFREETRAVELMN.COM
   Status: PROTECTED

A google search for HTML based Whois pages turned

up:

http://networking.ringofsaturn.com/Tools/whois.php
If you do a whois on carefreetravelmn.com, you get a

popup window. 


Should internic allow <tags> to be used in domain

registration contact info?


-traid

_______________________________________________
Full-Disclosure - We believe in it.
Charter:


http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia -

http://secunia.com/





__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: