Bugtraq mailing list archives

NetCraft Site/Banner HTML Insertion Vulnerability


From: Felipe Moniz <felipe () nstalker com>
Date: Fri, 23 Nov 2001 17:46:54 -0800

NetCraft Site/Banner HTML Insertion Problem
By Felipe Moniz, felipe () nstalker com

Vulnerable site:
- NetCraft, www.netcraft.com
- Maybe other sites running similar programs.

I found a way to insert HTML in the NetCraft examination.

Description:

I put the HTML code <img src="http://www.nstalker.com/logo2.gif"> in
place of my original web server banner.

Now if someone tries to access the "What's that site running?" option in the
NetCraft menu and enters 200.184.147.62 to examine, they will see the
http://www.nstalker.com/logo2.gif image as the web server banner. URL:

http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=200.184.147.62&submit=Examine

Any HTML code is accepted, as well as JavaScript, etc.

NetCraft webmaster was informed.

Best Regards,

Felipe Moniz
felipe () nstalker com
Network Security Specialist
Cel: (55 21) 9203-8587
N-Stalker, Inc.
Digital Security Intelligence
http://www.nstalker.com
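
The flaw class reported above, as an added example that is not part of the original post and not NetCraft's code: a report page that echoes a scanned host's `Server` header has to treat that header as untrusted input and encode it on output. The function names, the length cap and the sample response are constructed for illustration.

```python
import html

# Constructed sample: raw response head from a scanned host whose
# Server banner was replaced with markup, as described in the post.
SAMPLE_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b'Server: <img src="http://www.nstalker.com/logo2.gif">\r\n'
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

MAX_BANNER_LEN = 128  # assumption: display cap chosen for this example


def extract_server_banner(raw: bytes) -> str:
    """Return the Server header value from a raw HTTP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return ""


def render_unsafe(banner: str) -> str:
    """Vulnerable pattern: remote-controlled text placed straight into HTML."""
    return "<td>" + banner + "</td>"


def render_safe(banner: str) -> str:
    """Hardened pattern: drop control characters, cap length, HTML-encode."""
    printable = "".join(ch for ch in banner if ch.isprintable())
    # Truncate before encoding so an entity is never cut in half.
    return "<td>" + html.escape(printable[:MAX_BANNER_LEN], quote=True) + "</td>"


if __name__ == "__main__":
    banner = extract_server_banner(SAMPLE_RESPONSE)
    print("unsafe:", render_unsafe(banner))
    print("safe:  ", render_safe(banner))
```

With the encoded form the browser displays the banner text literally instead of parsing it as a tag; ordinary banners such as `Apache/1.3.22 (Unix)` pass through unchanged.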






