
Bugtraq mailing list archives

NetCraft Site/Banner HTML Insertion Vulnerability
From: Felipe Moniz <felipe () nstalker com>
Date: Fri, 23 Nov 2001 17:46:54 -0800

NetCraft Site/Banner HTML Insertion Problem
By Felipe Moniz, felipe () nstalker com

Vulnerable site:
- NetCraft, www.netcraft.com
- Maybe other sites, running similar programs.

I found a way to insert html in the NetCraft examination.

Description:

I put the HTML code <img src="http://www.nstalker.com/logo2.gif"> in
place of my original web server banner.

Now if someone tries to access the "What's that site running?" option in the
NetCraft menu and enters 200.184.147.62 to examine, they will see the
http://www.nstalker.com/logo2.gif image as the web server banner. URL:

http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=200.184.147.62&submit=Examine

Any HTML code is accepted, as well as JavaScript, etc.

NetCraft webmaster was informed.

Best Regards,

Felipe Moniz
felipe () nstalker com
Network Security Specialist
Cel: (55 21) 9203-8587
N-Stalker, Inc.
Digital Security Intelligence
http://www.nstalker.com






