Full Disclosure mailing list archives
RE: Arin.net XSS
From: Steven Rakick <stevenrakick () yahoo com>
Date: Fri, 3 Mar 2006 13:51:37 -0800 (PST)
WHO CARES?! YES WE ALL KNOW JS WILL RUN WITH HTML ENTITIES UNDER MANY STRANGE CIRCUMSTANCES. BROWSER SUPPORT IS WELL DOCUMENTED ON MANY XSS FOR DUMMIES SITES (http://ha.ckers.org/xss.html). This is a complete waste of people's time, bandwidth and storage.

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of php0t
Sent: Friday, March 03, 2006 4:29 PM
To: full-disclosure () lists grok org uk
Subject: RE: [Full-disclosure] Arin.net XSS

Yes, because Firefox probably doesn't execute JavaScript if the location is in an IMG tag. I don't know why they posted that in the first place.

Here's a link that will probably work under both browsers
http://ws.arin.net/whois/?queryinput=%3Cscript%3Ealert('666')%3C/script%3E

Right, did this ever work? This fails for me man. How did you verify it?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/