Whois XSS

Last night one of my friends, Robin, showed me this link: http://www.blackhatdomainer.com/whois-xss/ (and I also found this on RSnake’s Blog).

I noticed that the XSS was actually the same as mine. Here is the article I posted: Don’t Whois My Domain

This reminds me of a funny thing :D When the administrator of the domain registrar found out about this XSS, he didn’t suspend my account! But he did change my name (if I remember it correctly :P) to “I am a gay”. Geez, he sucks! Haha. And it has been patched since September, 2 months or so after my finding.

And this tells us that Indonesia’s official domain registrar is in some aspects better than other countries’ domain registrars; at least they are not vulnerable to Whois XSS :P

By : Zoiz [at] http://zoiz.web.id