$ whois -h whois.domreg.lt nic.lt
[Querying whois.domreg.lt]
[whois.domreg.lt]
% Hello, this is the DOMREG whois service.
...
%
Domain: nic.lt
Status: registered
Registered: 2002-01-08
Everything looks normal enough until we get to the "Contact organization" field:
Contact organization: <script>alert('Cia galetu buti nepageidaujama programa \n This could be dangerous program');</script>
Someone put a line of Javascript where the name of the contact organization is supposed to be. Thus, when you do a web-based whois lookup for this domain you are greeted with a scary looking message suggesting there may be danger is your WHOIS lookup.
There appears to be no danger, and perhaps this "warning" was placed as a gag of some sort. But it makes me wonder if WHOIS records are filtered for malware or other bad content. I can imagine rogue domain name owners putting a Javascript src link in their contact info and waiting for someone to bite.
UPDATE:
I changed the code under my WHOIS lookup to prevent script execution. So you will see no scary popup message. To see the problem in action, check this domain name at uwhois
No comments:
Post a Comment