Author Topic: require.js vulnerable here? potentially suspicious script detected!  (Read 1546 times)

See: https://sritest.io/#report/23725b69-325e-4e0a-8da5-daf40b575855
See: https://observatory.mozilla.org/analyze.html?host=www.mojdoktor.gov.rs  (various issues)
1 vuln. library: http://retire.insecurity.today/#!/scan/3aab761e93a8c4da7ef2f3270a4eeeb4492309875c23798a122fa3f8af213b08
See: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.mojdoktor.gov.rs%2F

Going over this particular code:
Results from scanning URL: -https://www.mojdoktor.gov.rs/assets/stack/zeee0a57a/en/core.js
Number of sources found: 252
Number of sinks found: 128

I stumble upon
Quote
error: line:257: SyntaxError: missing ) in parenthetical:
          error: line:257: HTML=src.outerHTML;if(support.html5Clone&&(src.innerHTML&&!jQuery.trim(dest.innerHTML)))dest.innerHTML=src.innerHTML}else if(nodeName==="input"&&rcheckableType.test(src.type)){dest.defaultChecked=dest.checked=src.checked;if(dest.value!==src.value)dest
          error: line:257: ............................................................^
Not properly being updated and we have to close these tags to support XHTML.

Problem: The scan has detected some potential problems in these files. First, scroll down through the code listed out after the list of links; this is the code returned by the request for the URL you entered. Check it for any problems. Next, these link(s) will open the individual URL(s) in this tool; check through the code that is returned, compare the code being returned to a known clean copy, etc.

1 -> -app.mojdoktor.gov.rs/assets/1.50.7/stack/en/core.js -> http://www.domxssscanner.com/scan?url=https%3A%2F%2Fapp.mojdoktor.gov.rs%2Fassets%2F1.50.7%2Fstack%2Fen%2Fcore.js

->https://aw-snap.info/file-viewer/?tgt=https%3A%2F%2Fwww.mojdoktor.gov.rs%2F&ref_sel=GSP2&ua_sel=ff&fs=1

But it may be safe: https://www.virustotal.com/nl/url/bb1afe6e73716486c5dce1ad77883aab3d0079d024fa7f2b9e259a53facaebd8/analysis/1486219564/
How does that explain the errors here? https://sitecheck.sucuri.net/results/app.mojdoktor.gov.rs
Quttera flags two potentially suspicious scripts:
Severity:   Potentially Suspicious
Reason:   Detected procedure that is commonly used in suspicious activity.
Details:   Too low entropy detected in string [['ui-accordion-header ui-accordion-disabled ui-helper-reset ui-state-default ui-corner-all ui-state-ac']] of length 136 which may point to obfuscation or shellcode

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!