mailing list archives
NetCraft Site/Banner HTML Insertion Vulnerability
From: Felipe Moniz <felipe () nstalker com>
Date: Fri, 23 Nov 2001 17:46:54 -0800
NetCraft Site/Banner HTML Insertion Problem
By Felipe Moniz, felipe () nstalker com
- NetCraft, www.netcraft.com
- Maybe other sites, running similar programs.
I found a way to insert html in the NetCraft examination.
I put the html code <img src="http://www.nstalker.com/logo2.gif"> on the
place of my original web server banner.
Now if someone try to access the "What's that site running?" option in the
NetCraft menu, and put to examine 126.96.36.199, will see
http://www.nstalker.com/logo2.gif image as the web server banner. URL:
NetCraft webmaster was informed.
felipe () nstalker com
Network Security Specialist
Cel: (55 21) 9203-8587
Digital Security Intelligence
- NetCraft Site/Banner HTML Insertion Vulnerability Felipe Moniz (Nov 23)