Avast WEBforum
Other => Viruses and worms => Topic started by: polonus on November 11, 2019, 02:13:27 PM
A minus 10 header security score here: https://webcookies.org/cookies/leanfrey.net/28625202?309409
I reported this site to Suspicious Site Reporter.
See: https://urlscan.io/result/044a4bf5-4abc-4665-98d6-438fa4cd31d5/#summary
where Google Safe browsing classifies it as Clean (current verdict).
But reported as spam here: https://www.virustotal.com/gui/url/c41569052444f4177a04db84a1125779b31f0f6b52be17025c8ff69c187de08a/detection
(scanned a moment ago!).
Netcraft risk status 1 red out of 10: https://toolbar.netcraft.com/site_report?url=http://leanfrey.net/unsub.php
SSL tracker gives the website as insecure: "This website is insecure."
66% of the trackers on this site could be protecting you from NSA snooping. Tell -leanfrey.net to fix it.
All trackers
At least 3 third parties know you are on this webpage.
-Google
-Google
-leanfrey.net -leanfrey.net
Dedicated hosting not being flagged here: https://www.virustotal.com/gui/ip-address/216.75.37.238/relations
Webserver with excessive info proliferation: Apache/2.4.6 CentOS PHP/5.4.16
with various exploitable flaws: https://www.shodan.io/host/216.75.37.238
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
Retire.js detects retirable code:
Retire.js
bootstrap 3.1.1 Found in -http://leanfrey.net/Mail_Minion_files/bootstrap.js
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
jquery 1.8.3 Found in -http://leanfrey.net/Mail_Minion_files/jquery.js
Vulnerability info:
Medium CVE-2012-6708 11290 Selector interpreted as HTML
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
PHP/5.4.16 - https://www.cvedetails.com/vulnerability-list.php?vendor_id=74&product_id=128&version_id=149817&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=50&sha=0d26af6f3ba8ea20af18d089df40c252ea09b711
66 hints found through linting: https://webhint.io/scanner/9212552a-7258-4425-968a-3ef543dd0c9e
Vulnerable to? see: -> https://vulners.com/osvdb/OSVDB:38799 (info credits Kravchuk letters),
a variable remote file inclusion exploit.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)