Multiple CSS/XSS vulnerabilities on directNIC.com

["Alex Lambert" <alambert () quickfire org>]

Hello,

Recently, I have discovered a multitude of areas on directNIC's domain
management area (secure.directnic.com) which are vulnerable to cross-site
scripting. I first contacted them about these problems almost a week ago. In
light of their continued ignorance of the scope of these issues, I have
decided to post information about this to the Bugtraq and vuln-dev mailing
lists.

These problems are particularly dangerous given that directNIC is a domain
name registrar. Possibilities are not limited to just cookie stealing; an
intruder can hijack any user's domain by changing the nameservers. (Of
course, the domain owner must still navigate to a carefully crafted URL --
social engineering is outside the scope of this message.)

mbrunson, a directNIC support representative, said that the company was
aware of the problem and that it "wasn't an issue".

For additional information, including an exploit code generator (which works
as of 2:45 PM Central today) and a log of my trouble ticket, please visit
http://wwwpool.quickfire.org/directnic_css_vuln.html



Cheers,

Alex Lambert
alambert () quickfire org


(If the above URL does not work, you might want to try
http://wwwpool.pwhsnet.com/directnic_css_vuln.html)