NetCraft Site/Banner HTML Insertion Problem By Felipe Moniz, felipeat_private Vulnerable site: - NetCraft, www.netcraft.com - Maybe other sites, running similar programs. I found a way to insert html in the NetCraft examination. Description: I put the html code <img src="http://www.nstalker.com/logo2.gif"> on the place of my original web server banner. Now if someone try to access the "What's that site running?" option in the NetCraft menu, and put to examine 200.184.147.62, will see http://www.nstalker.com/logo2.gif image as the web server banner. URL: http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=200.184.147.6 2&submit=Examine Any html code is accepted, as well as javascript, and etc. NetCraft webmaster was informed. Best Regards, Felipe Moniz felipeat_private Network Security Specialist Cel: (55 21) 9203-8587 N-Stalker, Inc. Digital Security Intelligence http://www.nstalker.com
This archive was generated by hypermail 2b30 : Fri Nov 23 2001 - 18:19:17 PST