NetCraft Site/Banner HTML Insertion Vulnerability

NetCraft Site/Banner HTML Insertion Problem
By Felipe Moniz, felipe@nstalker.com

Vulnerable site:
- NetCraft, www.netcraft.com
- Maybe other sites, running similar programs.

I found a way to insert HTML in the NetCraft examination.

Description:

I put the HTML code <img src="http://www.nstalker.com/logo2.gif"> in
place of my original web server banner.

Now if someone tries to access the "What's that site running?" option in the
NetCraft menu and enters 200.184.147.62 to examine, they will see the
http://www.nstalker.com/logo2.gif image as the web server banner. URL:

http://uptime.netcraft.com/up/graph/?mode_u=off&mode_w=on&site=200.184.147.62&submit=Examine

Any HTML code is accepted, as well as JavaScript, etc.

NetCraft webmaster was informed.

Best Regards,

Felipe Moniz
felipe@nstalker.com
Network Security Specialist
Cel: (55 21) 9203-8587
N-Stalker, Inc.
Digital Security Intelligence
http://www.nstalker.com
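
The following is an added example, not part of the original post and not NetCraft's code: a site-report row rendered from a probed host's Server banner, first by plain concatenation (the behaviour the advisory describes) and then with the banner treated as untrusted text. The function names, the sample response and the 128-character display cap are assumptions made for illustration.

```python
import html

# Constructed sample: raw response headers from a probed host whose Server
# banner carries the markup quoted in the advisory.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
    b'Server: <img src="http://www.nstalker.com/logo2.gif">\r\n'
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

MAX_BANNER_LEN = 128  # assumption: cap on how much of a banner is displayed


def extract_banner(raw: bytes) -> str:
    """Return the Server header value from raw response headers ('' if absent)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return ""


def render_row_unsafe(site: str, banner: str) -> str:
    """The flaw described in the post: remote data concatenated into HTML."""
    return "<tr><td>" + site + "</td><td>" + banner + "</td></tr>"


def render_row_safe(site: str, banner: str) -> str:
    """Treat the banner as untrusted text: drop control chars, cap, escape."""
    cleaned = "".join(ch for ch in banner if ch.isprintable())[:MAX_BANNER_LEN]
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(site, quote=True), html.escape(cleaned, quote=True)
    )


if __name__ == "__main__":
    banner = extract_banner(SAMPLE_RESPONSE)
    print(render_row_unsafe("200.184.147.62", banner))
    print(render_row_safe("200.184.147.62", banner))
```

The site parameter is escaped as well, since it arrives from the query string and is just as untrusted as the banner.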






