** Summary changed:

- linux whois command contain inappropriate response
+ emtpy response

** Tags removed: xss

** Tags added: null

** Description changed:

- whois command contain xss
-
- Tested in ubuntu 18.04, 16.04
-
- whois "<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?"
-
- it will give full details of how to use whois and other stuff too.
-
- here output of above command
-
- #
- # ARIN WHOIS data and services are subject to the Terms of Use
- # available at: https://www.arin.net/resources/registry/whois/tou/
- #
- # If you see inaccuracies in the results, please report at
- # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
- #
- # Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
- #
-
-
- #
- # Query terms are too ambiguous. Please refine query.
- #
- #
-
- ARIN's WHOIS service provides a mechanism for finding contact and registration
- information for resources registered with ARIN. ARIN's database contains IP
- addresses, autonomous system numbers, organizations, or customers that are
- associated with these resources, and related Points of Contact [POC].
-
- ARIN's WHOIS will NOT locate any domain related information, nor any
- information relating to military networks. Please use whois.internic.net to
- locate domain information, and whois.nic.mil for military network information.
-
- Many operating systems provide a whois utility. To conduct a query from the
- command line, such as:
-     whois -h hostname <query string>
-     (e.g. whois -h whois.arin.net foo)
-
- To obtain a more specific response, you may conduct a search by using certain
- flags. Many of these flags can be combined to tailor the desired output.
- Flags must be separated from each other and from the search term by a space.
- Your results will vary depending on the refinements you apply in your search.
- Listed below are the flags currently available; you may only use one flag from
- each flag-type in a query, i.e. one record type, one attribute, etc.
-
-
- Query-by-record-type:
- ---------------------
- To limit your query to a specific record type, include one of the following
- flags:
-     n    Network address space
-     r    CIDRized network space
-     d    Delegations
-     a    Autonomous systems
-     p    Points-of-contact
-     o    Organizations
-     c    End-user customers
-     e    Points-of-contact, Organizations, End-user customers
-     z    All of the above
-
-
- Query-by-attribute:
- -------------------
- To limit your query to a specific record attribute, include one of the
- following flags:
-     @<domain name>    Searches for matches by domain-portion of an
-                       email address
-     ! <handle>        Searches for matches by handle or id
-     / <name>          Searches for matches by name
-     . <name>          Searches for matches by name
-                       (same as above, but some WHOIS clients have problems with)
-
- Searches that retrieve a single record will display the full record. Searches
- that retrieve more than one record will be displayed in list output.
-
-
- Display flags:
- --------------
- To modify the way that the query results display, include one of the
- following flags:
-     +    FULL output shows detailed display for EACH match
-     -    LIST output shows summary only, even if single match
-          returned
-
- The + flag cannot be used with the sub-query features described below.
-
-
- Record hierarchy:
- -----------------
- Records in the ARIN WHOIS database have hierarchical relationships with other
- records. To display those related records, use the following flags:
-
-     <    Displays the record related up the hierarchy. For a network,
-          display the supernet, or parent network in detailed format.
-     >    Displays the record related down the hierarchy. For a network,
-          display the subdelegations, or subnets, below the network, in
-          list format. For an organization or customer, display the
-          resources registered to that organization or customer, in
-          list format.
-     =    Display only an exact match in the hierarchy.
-
-
- Wild card queries:
- ------------------
- WHOIS supports wild card queries. This feature is only supported as a trailing
- character option. To take advantage of this append the query with an asterisk
- [*]. This can also be used in combination with any flags defined above.
-
-
- Other helpful hints:
- --------------------
- To guarantee matching only a single record, look it up by its handle using a
- handle-only search. In the record summary line, the handle is shown in
- parenthesis after the name.
-
- When using a handle to conduct a search for POC information, be sure to add
- the -ARIN extension.
-
- Queries that return more than 256
- results will stop displaying data after the limit has been reached for each
- record type. You may want to narrow your search criteria or add flags to your
- query to limit the results.
-
- To search on an individual's name, you may enter the last name, or to further
- restrict results, use the last name and first name, separated by a comma. For
- example: Smith, John.
-
-
- Contact us:
- -----------
- For operational problems with WHOIS please contact [email protected] with the
- appropriate details.
-
- To correct information within your area of responsibility, submit a template
- to [email protected]. Information on how to fill out the appropriate template
- can be found at: http://www.arin.net/resources/guide/request/documentation/
-
- To notify ARIN of invalid POC information, contact [email protected] with
- the relevant information.
-
-
- Terms of Service:
- -----------------
- ARIN WHOIS data and services are subject to the Terms of Use available at:
- https://www.arin.net/resources/registry/whois/tou/
-
-
- #
- # ARIN WHOIS data and services are subject to the Terms of Use
- # available at: https://www.arin.net/resources/registry/whois/tou/
- #
- # If you see inaccuracies in the results, please report at
- # https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
- #
- # Copyright 1997-2019, American Registry for Internet Numbers, Ltd.
- #
+ empty response

** Attachment removed: "whois_xss_bug.txt"
   https://bugs.launchpad.net/ubuntu/+source/whois/+bug/1829764/+attachment/5265087/+files/whois_xss_bug.txt

** Changed in: whois (Ubuntu)
       Status: Expired => Invalid

** Converted to question:
   https://answers.launchpad.net/ubuntu/+source/whois/+question/690710

** Information type changed from Public to Private

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1829764

Title:
  emtpy response

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/whois/+bug/1829764/+subscriptions

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
