1

Does any one know what this is? it looks like an XSS attack but it only seems to happen on my computer and on a server that doesn't contain <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src https://www.youtube.com/"> or some other equivalent. It doesn't seem to matter if the server with the webpage is public or not because it shows up anyways. I used a virtual machine on the same computer and it doesn't appear. Can someone tell me what this is and if I should be worried about it or not? The hrefs near the bottom are what concern me the most especially the ones that have "/track/" in the URL. I've attached a picture of what I am talking about below.

(Note: the hrefs in the picture are to websites I have never seen and this seems to be caused by my own computer not the server. The style tag in the picture appears on servers that were just created and are still at default settings.)

unwanted style tag on private server

SQL inject-able
  • 13
  • 4
  • 1
    Possible duplicate of [What’s the purpose of the HTML "nonce" attribute for script and style elements?](https://stackoverflow.com/questions/42922784/what-s-the-purpose-of-the-html-nonce-attribute-for-script-and-style-elements) – Amit Kumar Singh Sep 17 '17 at 05:06
  • if it wasn't for the screen shot and the meta tag I have then yes it would be, but I just want to know if this is something to do with my computer due to is not showing up on a virtual machine on the same computer. I don't even know what this is that I'm seeing. – SQL inject-able Sep 17 '17 at 05:11
  • This is related to content security policy. It is getting set from IIS HTTP response headers-> Add custom header. – Amit Kumar Singh Sep 17 '17 at 05:26
  • yes I know this, I want to know why this is happening to an internal server and why its only occurring with one specific computer. – SQL inject-able Sep 17 '17 at 05:27
  • Because this header is added on one particular pc only. – Amit Kumar Singh Sep 17 '17 at 05:28
  • is there a way I can remove that? because it shows up on all browsers I have. (except the tor browser) – SQL inject-able Sep 17 '17 at 05:29

1 Answers1

0

Judging by the screenshot provided, it just seems to be injecting adblock css into your page markup.

Try opening these sites in a private window where you're browser plugins aren't running or a different browser. I'm assuming you have some sort of adblock plugin which is injecting styles into the page.

Harlan Wilton
  • 504
  • 3
  • 11
  • Its still there even when in a private window. connected to this internal server with another computer that also has adblock but it never shows. its primarily those hrefs at the bottom that concern me, even the ones with "/track/" at the end. – SQL inject-able Sep 17 '17 at 05:04
  • Looks like, it is from Kaspersky Adblock plugin in your browser. Do you have this Kaspersky Internet Security/Adblock installed? https://forum.kaspersky.com/index.php?/topic/364131-code-in-source-of-my-website-is-it-website-protection-by-kis/&tab=comments#comment-2668196 – HIREN011 Oct 24 '17 at 19:20