This morning, I took a walk to register.net.id , and wanted to change my profile. The reason is that I don’t want other people can have my personal information easily when they whois my web. As we know that regisrating an .id domain, they ask me to send them a scanned version of identity card (KTP), and the profile submited there must match the information on the identity card. SO, that’s kinda f*cking easy of information gathering for somebody else if i don’t change my profile after this domain approved xD~
When I intend to change my profile, I found out that they don’t have any XSS filter there. Maybe they think that all user all bound to be honest (hum..honest?? 
). Nah, so now when anyone trying to whois my domain, he’ll get a present, so becareful 
hadiahnya apaan tuh
apa tuh hadiahnya? mau tau nih
It’s something interesting
but Don’t Try It at Home 
wew..
i like to try at home
i think it will be exciting to try at home
[...] I noticed that the XSS was actually same with mine. Here is the article I posted : Don’t Whois My Domain [...]
[...] noticed that the XSS was actually same with mine. Here is the article I posted : Don’t Whois My Domain This remind me a funny thing that is when the Administrator of the Domain Registrar found out [...]
[...] XSS vulnerability on the Whois engine first time found by me on 14 July 2007. You can read this post about how I found it, and this post that I rewrite. It’s not a big vulnerability though, but due to it’s a [...]
[...] XSS vulnerability on the Whois engine first time found by me on 14 July 2007. You can read this post about how I found it, and this post that I rewrite. It’s not a big vulnerability though, but due to it’s mass, so [...]
[...] I noticed that the XSS was actually same with mine. Here is the article I posted
on’t Whois My Domain [...]