w3spy.net, XSS, GHDB DORK REPORT SUMMARY

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search


Netsparker - Scan Report Summary
TARGET URL: http://w3spy.net/
SCAN DATE: 5/1/2011 4:52:19 AM
REPORT DATE: 5/1/2011 4:57:59 AM
SCAN DURATION: 00:01:24
5 identified, 3 confirmed, 0 critical, 3 informational

GHDB DORK Tests

DORK TESTS
PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

GHDB, DORK VULNERABILITIES

Vulnerabilities
IMPORTANT: 20 %
LOW: 20 %
INFORMATION: 60 %

GHDB, DORK VULNERABILITY SUMMARY

Vulnerability Summary
| URL | Parameter | Method | Vulnerability | Confirmed |
|---|---|---|---|---|
| / | | | PHP Version Disclosure | No |
| /error.php | q | GET | Cross-site Scripting | Yes |
| /i/ | | | Forbidden Resource | Yes |
| /privacy.php | | | E-mail Address Disclosure | No |
| /robots.txt | | | Robots.txt Identified | Yes |

Cross-site Scripting

1 TOTAL, IMPORTANT, 1 CONFIRMED

XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens up several different attack opportunities, most commonly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well-structured white-list libraries available for many different environments; good examples include the OWASP Reform and Microsoft Anti Cross-site Scripting libraries.

Remedy References

External References

- /error.php

/error.php CONFIRMED

http://w3spy.net/error.php?q=%2527%2522--%253E%253C%252Fstyle%253E%253C%252Fscript%253E%253Cscript%2..

Parameters

| Parameter | Type | Value |
|---|---|---|
| q | GET | %27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker%280x00010E%29%3C%2Fscript%3E |

Request

GET /error.php?q=%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker%280x00010E%29%3C%2Fscript%3E HTTP/1.1
Referer: http://w3spy.net/search.php?q=type+in+any+domain%3a+eg+google.com...&submit=submit
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: w3spy.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.8.52
Date: Sun, 01 May 2011 09:47:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Content-Encoding:
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Error Report For: '"--></style></script><script>netsparker(0x00010E)</script></title>
<meta name="description" content="W3Spy.net is a free online service where you can gather information about every website currently registered on the internet. Our software compiles data from various sources in real-time and presents you with a comprehensive report." />
<meta name="keywords" content="url, spy, w3spy, domain, report, information, stats, alexa, compete, info" />
<link rel="shortcut icon" href="http://w3spy.net/i/favicon.ico" />
<script type="text/javascript" src="http://w3spy.net/i/basic.js?v1"></script>
<meta property="og:image" content="http://w3spy.net/i/fb.jpg" />
<meta property="og:title" content="W3Spy.net - Spy on any website!" />

<meta property="og:site_name" content="W3spy" />

<link href="http://w3spy.net/css/style.css" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<link href="http://w3spy.net/css/style-IE.css" media="screen" rel="Stylesheet" type="text/css" />
<![endif]-->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-58643-40']);
_gaq.push(['_trackPageview']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</head>
<body>
<div id="frame">
<div id="header_bar">
<div id="header_tabs">
<ul>
<li><a href="http://w3spy.net/index">home</a></li>
<li><a href="http://w3spy.net/submit">submit url</a></li>
<li><a href="http://w3spy.net/tools">tools</a></li>
<li><a href="http://w3spy.net/contact">contact</a></li>
</ul>
</div>
<div id="members">We currently have 3,413,995 website reports!</div>
</div>
<div id="header">
<div id="logo"><a href="http://w3spy.net"><img src="http://w3spy.net/i/logo.png" width="285" height="62" border="0" alt="W3Spy.net" /></a></div>
<div id="header_right">
<div id="search_box">
<form class="search_form" name="search_form" method="get" action="http://w3spy.net/search.php">
<input class="search_input" type="text" name="q" size="5" value="type in any domain: eg google.com..." onfocus="this.value=''" /><input class="search_button" src="/i/t.gif" title="Search!" alt="Search!" type="image" value="submit" name="submit" />
</form>
<div id="search_info">Check out our <a href="https://addons.mozilla.org/en-US/firefox/addon/261953/" rel="nofollow" target="_blank"><b>Firefox Add-on</b></a> and <a href="https://chrome.google.com/extensions/detail/doahnaigbgiblgnjhhaekbffljjpmacg/" rel="nofollow" target="_blank"><b>Google Chrome Extension</b></a>.</div>
</div>
</div>
<div id="header_search_extra">

<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fw3spy.net&amp;layout=box_count&amp;show_faces=true&amp;width=54&amp;height=62" scrolling="no" frameborder="0" style="border:none; display:inline; color:#fff; overflow:hidden; padding: 0 0 0 0; width:160px; height:65px;"></iframe>

</div>

</div>
<div id="page_frame">
<div id="page_left">
<div id="page_content"> <div class="index_title">Error Report For: '"--></style></script><script>netsparker(0x00010E)</script></div>
<div class="content_text">We could not find any information about the requested domain. This error happens when a domain does not exist, it is invalid or it is not linked to any IP yet. If you feel this error is wrong, please contact us.</div>
</div>
</div>
<div id="page_right">
<div style="padding: 0 0 15px 15px">
<iframe src="http://jeroenvader.com/etc/ads/300x250.html" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:300px; height:250px;" allowTransparency="true"></iframe>
</div>
<div class="page_menu ques">
<ul>
<li class="active"><a href="#">More Recently Spied On Websites</a></li>
<li><a href="http://hoytemail.com.w3spy.net">hoytemail.com</a></li><li><a href="http://alemadult.com.w3spy.net">alemadult.com</a></li><li><a href="http://debszoneireland.com.w3spy.net">debszoneireland.com</a></li><li><a href="http://adam.com.au.w3spy.net">adam.com.au</a></li><li><a href="http://sharethatboy.com.w3spy.net">sharethatboy.com</a></li><li><a href="http://osmdevel.org.w3spy.net">osmdevel.org</a></li><li><a href="http://iterm2.com.w3spy.net">iterm2.com</a></li><li><a href="http://gerekamek.blogspot.com.w3spy.net">gerekamek.blogspot.com</a></li><li><a href="http://senukexbonus1.wordpress.com.w3spy.net">senukexbonus1.wordpress.com</a></li><li><a href="http://zsms.in.w3spy.net">zsms.in</a></li><li><a href="http://thomson-aerospace.com.w3spy.net">thomson-aerospace.com</a></li><li><a href="http://kupim-saity.ru.w3spy.net">kupim-saity.ru</a></li><li><a href="http://modareel.com.w3spy.net">modareel.com</a></li><li><a href="http://allempoweredwomen.com.w3spy.net">allempoweredwomen.com</a></li><li><a href="http://flagstore.com.w3spy.net">flagstore.com</a></li> </ul>
</div>
<div style="text-align:center">
<span ><a href="http://www.twitter.com/w3spynet" rel="nofollow" target="_blank"><img src="http://w3spy.net/i/twitter.png" alt="Follow us at Twitter" border="0" /></a></span>
<span style="margin-left:20px;"><a href="http://youtube.com/w3spy" rel="nofollow" target="_blank"><img src="http://w3spy.net/i/youtube.png" alt="Follow us at Youtube" border="0" /></a></span>
</div>
</div>
</div>
<div id="push"></div>
<div id="footer">&copy; 2010 - W3Spy.net | 0.00892 | We cannot guarantee that the information shown on the page is correct. <a href="http://w3spy.net/privacy.php"><font color="white">privacy</font></a></div>
</div>
</body>
</html>
PHP Version Disclosure

1 TOTAL, LOW

Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities for the version identified. The attacker can also use this information in conjunction with other vulnerabilities in the application or the web server.

- /

/

http://w3spy.net/

Extracted Version

PHP/5.3.4-dev

Request

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: w3spy.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.8.52
Date: Sun, 01 May 2011 09:47:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Content-Encoding:
Vary: Accept-Encoding


Forbidden Resource

1 TOTAL, INFORMATION, 1 CONFIRMED

Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.

- /i/

/i/ CONFIRMED

http://w3spy.net/i/

Request

GET /i/ HTTP/1.1
Referer: http://w3spy.net/i/favicon.ico
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: w3spy.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Server: nginx/0.8.52
Date: Sun, 01 May 2011 09:47:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding:


<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/0.8.52</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
E-mail Address Disclosure

1 TOTAL, INFORMATION

Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam e-mail engines and brute-force tools. Furthermore, valid e-mail addresses may lead to social engineering attacks.

Remedy

Use generic e-mail addresses such as contact@ or info@ for general communications and remove user- or person-specific e-mail addresses from the web site; should these be required, use submission forms for this purpose.

External References

- /privacy.php

/privacy.php

http://w3spy.net/privacy.php

Found E-mails

w3spy.net@gmail.com

Request

GET /privacy.php HTTP/1.1
Referer: http://w3spy.net/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: w3spy.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.8.52
Date: Sun, 01 May 2011 09:47:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.4-dev
Content-Encoding:
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>W3Spy.net - Privacy Policy</title>
<meta name="description" content="W3Spy.net is a free online service where you can gather information about every website currently registered on the internet. Our software compiles data from various sources in real-time and presents you with a comprehensive report." />
<meta name="keywords" content="url, spy, w3spy, domain, report, information, stats, alexa, compete, info" />
<link rel="shortcut icon" href="http://w3spy.net/i/favicon.ico" />
<script type="text/javascript" src="http://w3spy.net/i/basic.js?v1"></script>
<meta property="og:image" content="http://w3spy.net/i/fb.jpg" />
<meta property="og:title" content="W3Spy.net - Spy on any website!" />

<meta property="og:site_name" content="W3spy" />

<link href="http://w3spy.net/css/style.css" rel="stylesheet" type="text/css" />
<!--[if lte IE 6]>
<link href="http://w3spy.net/css/style-IE.css" media="screen" rel="Stylesheet" type="text/css" />
<![endif]-->
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-58643-40']);
_gaq.push(['_trackPageview']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</head>
<body>
<div id="frame">
<div id="header_bar">
<div id="header_tabs">
<ul>
<li><a href="http://w3spy.net/index">home</a></li>
<li><a href="http://w3spy.net/submit">submit url</a></li>
<li><a href="http://w3spy.net/tools">tools</a></li>
<li><a href="http://w3spy.net/contact">contact</a></li>
</ul>
</div>
<div id="members">We currently have 3,413,994 website reports!</div>
</div>
<div id="header">
<div id="logo"><a href="http://w3spy.net"><img src="http://w3spy.net/i/logo.png" width="285" height="62" border="0" alt="W3Spy.net" /></a></div>
<div id="header_right">
<div id="search_box">
<form class="search_form" name="search_form" method="get" action="http://w3spy.net/search.php">
<input class="search_input" type="text" name="q" size="5" value="type in any domain: eg google.com..." onfocus="this.value=''" /><input class="search_button" src="/i/t.gif" title="Search!" alt="Search!" type="image" value="submit" name="submit" />
</form>
<div id="search_info">Check out our <a href="https://addons.mozilla.org/en-US/firefox/addon/261953/" rel="nofollow" target="_blank"><b>Firefox Add-on</b></a> and <a href="https://chrome.google.com/extensions/detail/doahnaigbgiblgnjhhaekbffljjpmacg/" rel="nofollow" target="_blank"><b>Google Chrome Extension</b></a>.</div>
</div>
</div>
<div id="header_search_extra">

<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fw3spy.net&amp;layout=box_count&amp;show_faces=true&amp;width=54&amp;height=62" scrolling="no" frameborder="0" style="border:none; display:inline; color:#fff; overflow:hidden; padding: 0 0 0 0; width:160px; height:65px;"></iframe>

</div>

</div>
<div id="page_frame">
<div id="page_left">
<div id="page_content"> <div class="content_title">Privacy Policy for W3spy.net </div>



<div class="content_text">If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at w3spy.net@gmail.com.

<br /><br />

At W3spy.net, the privacy of our visitors is of extreme importance to us. This privacy policy document outlines the types of personal information is received and collected by W3spy.net and how it is used.</div>

<div class="content_text"><b>Log Files</b></div>

<div class="content_text">Like many other Web sites, W3spy.net makes use of log files. The information inside the log files includes internet protocol ( IP ) addresses, type of browser, Internet Service Provider ( ISP ), date/time stamp, referring/exit pages, and number of clicks to analyze trends, administer the site, track user's movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable. </div>



<div class="content_text"><b>Cookies and Web Beacons</b></div>

<div class="content_text">W3spy.net does use cookies to store information about visitors preferences, record user-specific information on which pages the user access or visit, customize Web page content based on visitors browser type or other information that the visitor sends via their browser. </div>



<div class="content_text"><b>DoubleClick DART Cookie</b></div>

<div class="content_text">Google, as a third party vendor, uses cookies to serve ads on W3spy.net.

<br />.:: Google's use of the DART cookie enables it to serve ads to users based on their visit to W3spy.net and other sites on the Internet.

<br />.:: Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy at the following URL - http://www.google.com/privacy_ads.html

<br /><br />

Some of our advertising partners may use cookies and web beacons on our site. Our advertising partners include ....

<br />Google Adsense</div>



<div class="content_text">

These third-party ad servers or ad networks use technology to the advertisements and links that appear on W3spy.net send directly to your browsers. They automatically receive your IP address when this occurs. Other technologies ( such as cookies, JavaScript, or Web Beacons ) may also be used by the third-party ad networks to measure the effectiveness of their advertisements and / or to personalize the advertising content that you see.

<br /><br />

W3spy.net has no access to or control over these cookies that are used by third-party advertisers.

<br /><br />

You should consult the respective privacy policies of these third-party ad servers for more detailed information on their practices as well as for instructions about how to opt-out of certain practices. W3spy.net's privacy policy does not apply to, and we cannot control the activities of, such other advertisers or web sites.

<br /><br />

If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites. </div>

<div class="clear_it"><!-- --></div>
</div>
</div>
<div id="page_right">
<div style="padding: 0 0 15px 15px">

<script type="text/javascript"><!--
google_ad_client = "pub-4339714761096906";
/* W3spy 300x250 */
google_ad_slot = "6518336751";
google_ad_width = 300;
google_ad_height = 250;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
</div>
<div class="page_menu ques">
<ul>
<li class="active"><a href="#">More Recently Spied On Websites</a></li>
<li><a href="http://debszoneireland.com.w3spy.net">debszoneireland.com</a></li><li><a href="http://adam.com.au.w3spy.net">adam.com.au</a></li><li><a href="http://sharethatboy.com.w3spy.net">sharethatboy.com</a></li><li><a href="http://osmdevel.org.w3spy.net">osmdevel.org</a></li><li><a href="http://iterm2.com.w3spy.net">iterm2.com</a></li><li><a href="http://gerekamek.blogspot.com.w3spy.net">gerekamek.blogspot.com</a></li><li><a href="http://senukexbonus1.wordpress.com.w3spy.net">senukexbonus1.wordpress.com</a></li><li><a href="http://zsms.in.w3spy.net">zsms.in</a></li><li><a href="http://thomson-aerospace.com.w3spy.net">thomson-aerospace.com</a></li><li><a href="http://kupim-saity.ru.w3spy.net">kupim-saity.ru</a></li><li><a href="http://modareel.com.w3spy.net">modareel.com</a></li><li><a href="http://allempoweredwomen.com.w3spy.net">allempoweredwomen.com</a></li><li><a href="http://flagstore.com.w3spy.net">flagstore.com</a></li><li><a href="http://limetorrent.com.w3spy.net">limetorrent.com</a></li><li><a href="http://mftest.net.w3spy.net">mftest.net</a></li> </ul>
</div>
<div style="text-align:center">
<span ><a href="http://www.twitter.com/w3spynet" rel="nofollow" target="_blank"><img src="http://w3spy.net/i/twitter.png" alt="Follow us at Twitter" border="0" /></a></span>
<span style="margin-left:20px;"><a href="http://youtube.com/w3spy" rel="nofollow" target="_blank"><img src="http://w3spy.net/i/youtube.png" alt="Follow us at Youtube" border="0" /></a></span>
</div>
</div>
</div>
<div id="push"></div>
<div id="footer">&copy; 2010 - W3Spy.net | 0.00635 | We cannot guarantee that the information shown on the page is correct. <a href="http://w3spy.net/privacy.php"><font color="white">privacy</font></a></div>
</div>
</body>
</html>
Robots.txt Identified

1 TOTAL, INFORMATION, 1 CONFIRMED

Netsparker identified a possibly sensitive Robots.txt file with potentially sensitive content.

Impact

Depending on the content of the file, an attacker might discover hidden directories. Ensure that you have nothing sensitive exposed within this folder, such as the path of the administration panel.

Remedy

- /robots.txt

/robots.txt CONFIRMED

http://w3spy.net/robots.txt

Interesting Robots.txt Entries

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: w3spy.net
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: nginx/0.8.52
Date: Sun, 01 May 2011 09:47:09 GMT
Content-Type: text/plain
Last-Modified: Wed, 08 Dec 2010 16:21:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding:


User-agent: *
Disallow: update.php
Disallow: error.php
Disallow: tag.php