Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Using domain whois information for fun and profit

from [Joachim Schipper] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Using domain whois information for fun and profit
Date: Mon, 27 Feb 2006 22:06:06 +0100 
On Mon, Feb 27, 2006 at 02:41:17PM -0600, Response Team wrote:

The whois information for this domain contains a <script> tag. This means if
you are to view the whois information on any HTML based page, the script is
executed.

Registrant:
   DOMIBOT (CAREFREETRAVELMN-COM-DOM)
   Avenida Caroni 5478
   Colinas Monte, Caracas
   Venezuela
   +1.2085751538
   <script>open('http://CAREFREETRAVELMN.COM');</script>
   +1.2085751538
   domains@domibot.com

   Domain Name: CAREFREETRAVELMN.COM
   Status: PROTECTED

A google search for HTML based Whois pages turned up: http://
networking.ringofsaturn.com/Tools/whois.php
If you do a whois on carefreetravelmn.com, you get a popup window.

Should internic allow <tags> to be used in domain registration contact info?


Why not? It's not like it's internic's problem that some
people/programmers do stupid things.

Blacklists wouldn't work anyway, and it's, again, not internic's fault
or problem.

And there is no reason to use a web-based client when all serious
networking operating systems come with a whois client supplied (or at
least very, very easily installed).

                Joachim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Full-disclosure] Using domain whois information for fun and profit, php0t
Next by Date:  [Full-disclosure] IN CASE YOU MISSED: Gay Security Industry Experts Exposed! 1st Issue! What has JP (John Vranesevich) been up to lately? FIND OUT HERE!, ibash
Previous by Thread:  [Full-disclosure] Using domain whois information for fun and profit, Response Team
Next by Thread:  Re: [Full-disclosure] Using domain whois information for fun and profit, Response Team
Indexes:  [Date] [Thread] [Top] [All Lists]