Full Disclosure mailing list archives
Re: Using domain whois information for fun and profit
From: Steven Rakick <stevenrakick () yahoo com>
Date: Fri, 3 Mar 2006 14:00:01 -0800 (PST)
Let me ask you something. If I send an email to full disclosure with cookie theft JS in the body of my message and some Fucktard email reader executes it, would you blame Mailman or the Fucktard email reader? On 2/27/06, Response Team <lolirt () gmail com> wrote:
The whois information for this domain contains a
<script> tag. This means if
you are to view the whois information on any HTML
based page, the script is
executed. Registrant: DOMIBOT (CAREFREETRAVELMN-COM-DOM) Avenida Caroni 5478 Colinas Monte, Caracas Venezuela +1.2085751538
<script>open('http://CAREFREETRAVELMN.COM');</script>
+1.2085751538 domains () domibot com Domain Name: CAREFREETRAVELMN.COM Status: PROTECTED A google search for HTML based Whois pages turned
up:
http://networking.ringofsaturn.com/Tools/whois.php If you do a whois on carefreetravelmn.com, you get a
popup window.
Should internic allow <tags> to be used in domain
registration contact info?
-traid _______________________________________________ Full-Disclosure - We believe in it. Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
http://secunia.com/
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Using domain whois information for fun and profit bkfsec (Mar 03)
- <Possible follow-ups>
- Re: Using domain whois information for fun and profit Steven Rakick (Mar 03)
- Re: Using domain whois information for fun and profit bkfsec (Mar 03)