| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Mar 3 22:00:11 2006
From: stevenrakick at yahoo.com (Steven Rakick)
Subject: Using domain whois information for fun and
profit
Let me ask you something.
If I send an email to full disclosure with cookie
theft JS in the body of my message and some Fucktard
email reader executes it, would you blame Mailman or
the Fucktard email reader?
On 2/27/06, Response Team <lolirt@...il.com> wrote:
> The whois information for this domain contains a
<script> tag. This means if
> you are to view the whois information on any HTML
based page, the script is
> executed.
>
> Registrant:
> DOMIBOT (CAREFREETRAVELMN-COM-DOM)
> Avenida Caroni 5478
> Colinas Monte, Caracas
> Venezuela
> +1.2085751538
>
<script>open('http://CAREFREETRAVELMN.COM');</script>
> +1.2085751538
> domains@...ibot.com
>
> Domain Name: CAREFREETRAVELMN.COM
> Status: PROTECTED
>
> A google search for HTML based Whois pages turned
up:
> http://networking.ringofsaturn.com/Tools/whois.php
> If you do a whois on carefreetravelmn.com, you get a
popup window.
>
> Should internic allow <tags> to be used in domain
registration contact info?
>
> -traid
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
>
http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
http://secunia.com/
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Powered by blists - more mailing lists