lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon Mar 6 14:26:44 2006 From: pfarrow at flamenetworks.co.uk (Paul Farrow) Subject: Re: Arin.net XSS Confirmed: Windows XP Professional, SP1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 Dave Korn wrote: > Michael Holstein wrote: > >>> Here's a link that will probably work under both browsers >>> >>> http://ws.arin.net/whois/?queryinput=%3Cscript%3Ealert('666')%3C/script%3E >>> >> (Firefox 1.5.0.1 on Linux) >> >> No match found for <script>alert('666')</script>. >> >> > > Works on 1.0.x, I got the popup! > > > cheers, > DaveK >
Powered by blists - more mailing lists