Full Disclosure mailing list archives
RE: Arin.net XSS
From: "php0t" <very () unprivate com>
Date: Fri, 3 Mar 2006 22:29:10 +0100
Yes, because firefox probably doesn't execute javascript if the location is in an IMG tag. I don't know why they posted that in the first place. Here's a link that will probably work under both browsers http://ws.arin.net/whois/?queryinput=%3Cscript%3Ealert('666')%3C/script% 3E
Right, Did this ever work? This fails for me man. How did you verify it?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Arin.net XSS Terminal Entry (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 03)
- Re: Re: Arin.net XSS Alexander Hristov (Mar 03)
- Re: Re: Arin.net XSS J u a n (Mar 03)
- Re: Re: Arin.net XSS Alexander Hristov (Mar 03)
- Re: Arin.net XSS Steven (Mar 03)
- Re: Arin.net XSS Simon Smith (Mar 03)
- Re: Arin.net XSS Steven (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 06)
- RE: Arin.net XSS php0t (Mar 03)
- Re: Arin.net XSS Michael Holstein (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 06)
- Re: Re: Arin.net XSS Paul Farrow (Mar 06)
- Re: Arin.net XSS Simon Smith (Mar 03)
- Re: Arin.net XSS Dave Korn (Mar 03)
- <Possible follow-ups>
- RE: Re: Arin.net XSS Terminal Entry (Mar 03)
- Re: Re: Arin.net XSS Dave Korn (Mar 06)
- Re: Re: Arin.net XSS Morning Wood (Mar 06)
- RE: Re: Arin.net XSS Steven Rakick (Mar 03)
- RE: Arin.net XSS Steven Rakick (Mar 03)