Cross Site Scripting on Whois
Here’s a very nice XSS find by Klaus:
“Most domain registrars (have yet to find one that does) will not filter what you put on your REGISTRANT CONTACT INFO and WILL allow the script tag!”
Considering how many sites scrape or use Whois info, I’d say that a hole like that is pretty massive for hackers.
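For a site that displays Whois records, the fix is to treat every field as untrusted input and escape it at output time. The following is an added example, not code from this post or from Klaus; the sample record, its field names and the function names are constructed for illustration.

```python
import html

# Constructed sample WHOIS response (not real data); the registrant name
# carries markup, as the quoted finding says registrars allow.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Registrant Name: <script>alert(1)</script>
Registrant Email: owner@example.test
% Terms of use: see registrar site
"""

def parse_whois(text):
    """Split 'Key: value' lines into pairs, skipping comments and blanks."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#")):
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields.append((key.strip(), value.strip()))
    return fields

def render_unsafe(fields):
    """'Before': registrant-supplied text is pasted into the page as markup."""
    rows = "".join(f"<tr><th>{k}</th><td>{v}</td></tr>" for k, v in fields)
    return f"<table>{rows}</table>"

def render_safe(fields):
    """'After': every key and value is HTML-escaped at output time."""
    rows = "".join(
        f"<tr><th>{html.escape(k)}</th><td>{html.escape(v)}</td></tr>"
        for k, v in fields
    )
    return f"<table>{rows}</table>"

if __name__ == "__main__":
    record = parse_whois(SAMPLE_WHOIS)
    print(render_unsafe(record))  # script element reaches the browser intact
    print(render_safe(record))    # same text arrives as inert character data
```

Escaping belongs at the point of output rather than at scrape time, so the stored record stays faithful to what the registry returned and each output context (HTML body, attribute, JSON) can apply its own encoding.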
Posted on January 18th, 2008 by Green Guy
