|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [Full-disclosure] Arin.net XSS
From: Steven Rakick (stevenrakick
yahoo.com)
Date: Fri Mar 03 2006 - 15:51:37 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
WHO CARES?! YES WE ALL KNOW JS WILL RUN WITH HTML
ENTITIES UNDER MANY STRANGE CIRCUMSTANCES. BROWSER
SUPPORT IS WELL DOCUMENTED ON MANY XSS FOR DUMMIES
SITES (http://ha.ckers.org/xss.html).
This is a complete waste of peoples time, bandwidth
and storage.
-----Original Message-----
From: full-disclosure-bounceslists.grok.org.uk
[mailto:full-disclosure-bounceslists.grok.org.uk] On
Behalf Of php0t
Sent: Friday, March 03, 2006 4:29 PM
To: full-disclosurelists.grok.org.uk
Subject: RE: [Full-disclosure] Arin.net XSS
Yes, because firefox probably doesn't execute
javascript if the location is in an IMG tag.
I don't know why they posted that in the first place.
Here's a link that will probably work under both
browsers
http://ws.arin.net/whois/?queryinput=%3Cscript%3Ealert('666')%3C/script%
3E
> Right,
> Did this ever work? This fails for me man. How
did you verify it?
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]