Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
XSS on Whois
Posted by: klaus
Date: December 03, 2007 01:20AM

XSS on Whois data?!

Source: http://www.blackhatdomainer.com/whois-xss/



Edited 1 time(s). Last edit at 12/03/2007 01:21AM by klaus.

Re: XSS on Whois
Posted by: rsnake
Date: December 10, 2007 05:36PM

That is really sexy. id claims we've talked about this before, but I don't recall - too many ideas floating around in my head. Anyway, very cool!

- RSnake
Gotta love it. http://ha.ckers.org

Re: XSS on Whois
Posted by: klaus
Date: December 10, 2007 08:13PM

Thanks a lot RSnake! Very flattered for receiving such a compliment from someone like you! :)

Re: XSS on Whois
Posted by: rsnake
Date: December 10, 2007 10:07PM

Haha, I'm no one special - seriously. I'm just well known, for good or for bad.

But anyway, does anyone have a PoC? It would be cool for demonstration purposes. We use Godaddy for all our registrations (not that id likes that, and we've talked about changing it a number of times but haven't gotten around to it) - and we also still use the domain protection services (for back when we were a lot less known than we are now).

- RSnake
Gotta love it. http://ha.ckers.org

Re: XSS on Whois
Posted by: thrill
Date: December 10, 2007 11:34PM

I'll let you know tomorrow or the day after if dotster made the changes. :)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: XSS on Whois
Posted by: rsnake
Date: December 10, 2007 11:44PM

That rules.

- RSnake
Gotta love it. http://ha.ckers.org

Re: XSS on Whois
Posted by: thrill
Date: December 27, 2007 05:17PM

And to update you guys on this, this actually does work. Dotster allowed me to put a little snippet in part of my address and rsnake and I have found a couple of vulnerable whois servers that actually run the script.

But rsnake is too lazy to get a screen capture of it, and I would hate to give you all my info.. so here's my screen shot to prove it works:



EDIT: I went ahead and made the image smaller since RSnake wants to blog about it, also, here's the info on how it looks if you do a command line whois:

Technical Contact:
xxxxx, xxxxx domains@xxxxxxx.com
Some Company Name Here
P.O. Box xxxx
<script>alert("your browser is br0k3d")</script>
Pleasanton, California 94588
US
415-555-1212

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill



Edited 1 time(s). Last edit at 12/30/2007 03:25PM by thrill.
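
Added example, not part of the thread or any poster's code: a Python sketch of how a web whois front-end should treat the record quoted above. The record is a constructed sample modelled on that output, and the function names are hypothetical. It shows the unescaped rendering next to the HTML-encoded one, plus a check that flags tag-like lines for logging.

```python
import html
import re

# Constructed sample modelled on the command-line whois output quoted in the post.
SAMPLE_WHOIS = """Technical Contact:
xxxxx, xxxxx domains@xxxxxxx.com
Some Company Name Here
P.O. Box xxxx
<script>alert("your browser is br0k3d")</script>
Pleasanton, California 94588
US
415-555-1212
"""

# Anything that looks like an HTML tag, opening or closing.
TAG_LIKE = re.compile(r"<\s*/?\s*[a-zA-Z!][^>]*>")


def render_unsafe(record):
    """Vulnerable pattern: registrant-controlled text pasted straight into the page."""
    return "<pre>" + record + "</pre>"


def render_safe(record):
    """Treat every whois field as untrusted input and HTML-encode it on output."""
    return "<pre>" + html.escape(record, quote=True) + "</pre>"


def suspicious_lines(record):
    """Return (line_number, text) for record lines that carry tag-like content."""
    return [
        (number, line)
        for number, line in enumerate(record.splitlines(), 1)
        if TAG_LIKE.search(line)
    ]


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_WHOIS))   # browser would parse the address line as markup
    print(render_safe(SAMPLE_WHOIS))     # browser shows the address line as literal text
    for number, line in suspicious_lines(SAMPLE_WHOIS):
        print("line %d contains markup: %r" % (number, line))
```

The encoding has to happen at output time in the front-end, because the registrar (here Dotster) accepted the markup into the record and the whois protocol itself carries it as plain text.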

Re: XSS on Whois
Posted by: rsnake
Date: December 30, 2007 02:49PM

Lazy, yes. But good intentioned, yes! I'll blog about it instead.

- RSnake
Gotta love it. http://ha.ckers.org

Re: XSS on Whois
Posted by: sana
Date: December 30, 2007 11:33PM

You know, the good part is that we already know where's the site you've hacked! Just a little examination in the screenshot reveals... ;)

(By the way, sorry if my post seems offensive. I'm not native English. And I know how it may feel when a newbie sends these posts to a forum)
