Multiple CSS/XSS vulnerabilities on directNIC.com

From: Alex Lambert (alambertat_private)
Date: Sat Apr 27 2002 - 12:45:36 PDT

    Hello,
    
    Recently, I have discovered a multitude of areas on directNIC's domain
    management area (secure.directnic.com) which are vulnerable to cross-site
    scripting. I first contacted them about these problems almost a week ago. In
    light of their continued ignorance of the scope of these issues, I have
    decided to post information about this to the Bugtraq and vuln-dev mailing
    lists.
    
    These problems are particularly dangerous given that directNIC is a domain
    name registrar. Possibilities are not limited to just cookie stealing; an
    intruder can hijack any user's domain by changing the nameservers. (Of
    course, the domain owner must still navigate to a carefully crafted URL --
    social engineering is outside the scope of this message.)
    
    mbrunson, a directNIC support representative, said that the company was
    aware of the problem and that it "wasn't an issue".
    
    For additional information, including an exploit code generator (which works
    as of 2:45 PM Central today) and a log of my trouble ticket, please visit
    http://wwwpool.quickfire.org/directnic_css_vuln.html
    
    
    
    Cheers,
    
    Alex Lambert
    alambertat_private
    
    
    (If the above URL does not work, you might want to try
    http://wwwpool.pwhsnet.com/directnic_css_vuln.html)
    



    This archive was generated by hypermail 2b30 : Mon Apr 29 2002 - 15:54:58 PDT