Full Disclosure mailing list archives

Re: Global *.net XSS, thank you Verisign(TM)

From: Marc Slemko <marcs () znep com>
Date: Tue, 16 Sep 2003 07:20:28 -0700 (PDT)

On Mon, 15 Sep 2003 xss_slut () hushmail com wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quite recently, Verisign took over the internet. What parts, you might

ask?

Well, the parts in nomad land.

Do a dig on _anything_you_like.net, and you'll find an IP. Point a
browser at http://junkurlblahblah.net, and you'll find yourself at
sitefinder.verisign.com

This by it's self doesn't create a vulnerability, however, when combined

with a XSS bug, this works in IE:

http://";alert('slut');".net


And how is this a security issue that is of anything more than trivial
importance?  How is it a "global XSS" hole?

The hole is on a page on sitefinder.verisign.com, not on the server that
is answering for *.net and *.com.  All that server does is redirect you.
The impact of the hole is the same regardless of if the *.com and *.net
wildcard exists or not.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Global *.net XSS, thank you Verisign(TM) xss_slut (Sep 16)
- Re: Global *.net XSS, thank you Verisign(TM) Jedi/Sector One (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) James Greenhalgh (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) Paul Holman (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) J.A. Terranson (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) morning_wood (Sep 18)
- Re: Global *.net XSS, thank you Verisign(TM) Marc Slemko (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) morning_wood (Sep 18)
- RE: Global *.net XSS, thank you Verisign(TM) Richard M. Smith (Sep 16)
  - RE: Global *.net XSS, thank you Verisign(TM) tadpole-boy (Sep 16)
  - Re: Global *.net XSS, thank you Verisign(TM) Scott Manley (Sep 16)