Content spoofing & text injection on crowdshield.com
Content Spoofing is an attack technique that allows an attacker to inject a malicious payload that is later misrepresented as legitimate content of a web application. This approach is common on error pages, or sites providing story or news entries. The content specified in this parameter is later reflected into the page to provide the content for the page. If an attacker where to replace this content with something more sinister they might be able to falsify statements on the destination website. Upon visiting this link the user would believe the content being displayed as legitimate.
I get in touch to report that crowdshield.com is vulnerable to content spoofing and text injection.
This attack exploits the trust relationship established between the user and the web site.
The URL path is URL decoded and attacker text is reflected back to the UI:
"The requested URL / needs a new web client, please download http://attacker/virus.exe to we able to open it.”
Please, let me know if you need further information
Use a 404 page that don't include attacker text.