Full Disclosure mailing list archives
Re: Using domain whois information for fun and profit
From: Joachim Schipper <j.schipper () math uu nl>
Date: Mon, 27 Feb 2006 22:06:06 +0100
On Mon, Feb 27, 2006 at 02:41:17PM -0600, Response Team wrote:
The whois information for this domain contains a <script> tag. This means if you are to view the whois information on any HTML based page, the script is executed. Registrant: DOMIBOT (CAREFREETRAVELMN-COM-DOM) Avenida Caroni 5478 Colinas Monte, Caracas Venezuela +1.2085751538 <script>open('http://CAREFREETRAVELMN.COM');</script> +1.2085751538 domains () domibot com Domain Name: CAREFREETRAVELMN.COM Status: PROTECTED A google search for HTML based Whois pages turned up: http:// networking.ringofsaturn.com/Tools/whois.php If you do a whois on carefreetravelmn.com, you get a popup window. Should internic allow <tags> to be used in domain registration contact info?
Why not? It's not like it's internic's problem that some people/programmers do stupid things. Blacklists wouldn't work anyway, and it's, again, not internic's fault or problem. And there is no reason to use a web-based client when all serious networking operating systems come with a whois client supplied (or at least very, very easily installed). Joachim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Using domain whois information for fun and profit Response Team (Feb 27)
- Re: Using domain whois information for fun and profit Joachim Schipper (Feb 27)
- Re: Using domain whois information for fun and profit Response Team (Feb 27)
- Re: Using domain whois information for fun and profit Joachim Schipper (Feb 27)