[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060227210605.GA11734@melpomene.jschipper.dynalias.net>
Date: Mon Feb 27 21:06:36 2006
From: j.schipper at math.uu.nl (Joachim Schipper)
Subject: Using domain whois information for fun and
profit
On Mon, Feb 27, 2006 at 02:41:17PM -0600, Response Team wrote:
> The whois information for this domain contains a <script> tag. This means if
> you are to view the whois information on any HTML based page, the script is
> executed.
>
> Registrant:
> DOMIBOT (CAREFREETRAVELMN-COM-DOM)
> Avenida Caroni 5478
> Colinas Monte, Caracas
> Venezuela
> +1.2085751538
> <script>open('http://CAREFREETRAVELMN.COM');</script>
> +1.2085751538
> domains@...ibot.com
>
> Domain Name: CAREFREETRAVELMN.COM
> Status: PROTECTED
>
> A google search for HTML based Whois pages turned up: http://
> networking.ringofsaturn.com/Tools/whois.php
> If you do a whois on carefreetravelmn.com, you get a popup window.
>
> Should internic allow <tags> to be used in domain registration contact info?
Why not? It's not like it's internic's problem that some
people/programmers do stupid things.
Blacklists wouldn't work anyway, and it's, again, not internic's fault
or problem.
And there is no reason to use a web-based client when all serious
networking operating systems come with a whois client supplied (or at
least very, very easily installed).
Joachim
Powered by blists - more mailing lists