XSS on Whois

Klaus over on Blackhatdomainer described on his blog the use of XSS in whois information to take over domains when people are researching your domain. Very cool stuff. I have a feeling there are also servers that may be vulnerable to SQL injection as well, but that’s probably much more difficult and dangerous to test. Dotster was apparently vulnerable to this, but we didn’t have a working PoC.

However, Thrill then posted a screenshot of this on one of the several domain registrars that we found to be vulnerable to this. So now we have proof that this can be done. Of course the usefulness of this is probably limited to only a few sites, but those are sites which often take credit card information for payment processing of domains, which obviously has some usefulness for phishing. Anyway, pretty interesting stuff!
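The underlying flaw is a lookup page that prints registrant-controlled whois fields into HTML without escaping them. The following Python is an added example, not code from the original post or from any registrar: it parses a whois reply and renders it with the flawed pattern beside the escaped one, plus a check that flags markup-bearing fields for review. The function names and the sample record are constructed for illustration.

```python
import html

# Constructed sample of a raw whois reply; registrant-controlled fields carry markup.
SAMPLE_WHOIS = """\
Domain Name: example.test
Registrant Name: <script>alert(1)</script>
Registrant Organization: Acme "Widgets" & Sons
Name Server: ns1.example.test
"""

def parse_whois(raw):
    """Split 'Key: value' lines into (key, value) pairs; other lines are skipped."""
    fields = []
    for line in raw.splitlines():
        # Partition on the first colon only, so values containing ':' stay whole.
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields.append((key.strip(), value.strip()))
    return fields

def render_unsafe(fields):
    """The flawed pattern: whois text concatenated straight into HTML."""
    rows = "".join(f"<tr><th>{k}</th><td>{v}</td></tr>" for k, v in fields)
    return f"<table>{rows}</table>"

def render_safe(fields):
    """Escape key and value alike: every byte of a whois reply is untrusted."""
    rows = "".join(
        f"<tr><th>{html.escape(k)}</th><td>{html.escape(v)}</td></tr>"
        for k, v in fields
    )
    return f"<table>{rows}</table>"

def suspicious_fields(fields):
    """Return the keys of fields containing HTML metacharacters, for logging."""
    return [k for k, v in fields if any(c in k + v for c in "<>\"'")]

if __name__ == "__main__":
    parsed = parse_whois(SAMPLE_WHOIS)
    print(render_safe(parsed))
    print("flagged:", suspicious_fields(parsed))
```

Escaping at output time is the fix; the `suspicious_fields` check is only a signal for monitoring, since legitimate records can contain quotes or angle brackets.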

2 Responses to “XSS on Whois”

  1. Zoiz Says:

    I found this interesting stuff on my country's domain registrar too (http://register.net.id), but can’t give any screenshot since it was patched a couple of months ago.

  2. MustLive Says:

    Very interesting information ;-). This confirms that Whois can be used for XSS attacks.