[25300] in bugtraq


Multiple CSS/XSS vulnerabilities on directNIC.com

daemon@ATHENA.MIT.EDU (Alex Lambert)
Mon Apr 29 18:58:02 2002

Message-ID: <088f01c1ee24$1aa7ea50$0200010a@apl.qfis.net>
From: "Alex Lambert" <alambert@quickfire.org>
To: <bugtraq@securityfocus.com>, <vuln-dev@securityfocus.com>
Cc: "Alex Lambert" <alambert@quickfire.org>, "Keegan" <keegan@xor67.org>
Date: Sat, 27 Apr 2002 14:45:36 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hello,

Recently, I have discovered a multitude of areas on directNIC's domain
management area (secure.directnic.com) which are vulnerable to cross-site
scripting. I first contacted them about these problems almost a week ago. In
light of their continued ignorance of the scope of these issues, I have
decided to post information about this to the Bugtraq and vuln-dev mailing
lists.

These problems are particularly dangerous given that directNIC is a domain
name registrar. Possibilities are not limited to just cookie stealing; an
intruder can hijack any user's domain by changing the nameservers. (Of
course, the domain owner must still navigate to a carefully crafted URL --
social engineering is outside the scope of this message.)

mbrunson, a directNIC support representative, said that the company was
aware of the problem and that it "wasn't an issue".

For additional information, including an exploit code generator (which works
as of 2:45 PM Central today) and a log of my trouble ticket, please visit
http://wwwpool.quickfire.org/directnic_css_vuln.html



Cheers,

Alex Lambert
alambert@quickfire.org


(If the above URL does not work, you might want to try
http://wwwpool.pwhsnet.com/directnic_css_vuln.html)

