Last night one of my friends, Robin, showed me this link: http://www.blackhatdomainer.com/whois-xss/ (and I also found this on RSnake’s Blog).
I noticed that the XSS was actually the same as mine. Here is the article I posted: Don’t Whois My Domain
This reminds me of a funny thing: when the administrator of the domain registrar found out about this XSS, he didn’t suspend my account though! But he did change my name (if I remember it correctly) to “I am a gay”. Geez, he sucks! Haha. And it’s been patched since September, 2 months or so after my finding.
And this tells us that Indonesia’s official domain registrar is in some aspects better than other countries’ domain registrars; at least they are not vulnerable to Whois XSS.
By : Zoiz [at] http://zoiz.web.id




Very interesting information. This confirms that Whois can be used for XSS attacks.
Hehehe, I’m sorry for the insult I’ve made. Thanks for testing the register.net.id security hole.
That XSS bug thingie is a seriously n00b mistake, isn’t it?
So you are the webmaster? Haha, it’s ok dude. I don’t think getting XSSed is n00b, even Google and Yahoo are XSSed, hehe. Btw you are from register.net.id? Seriously I have found some extremely critical bugs there. I’m willing to help you improve the security. How is it?
Yes, indeed I’m the system maintainer. Obviously I’m very interested in improving the system security.
You can contact me by the email I posted above, and you can tell me your expectation in terms of reward for giving the bug information.
Thank you very much
regards
Register.net.id team