Author Topic: Webshop site backend that well hidden, it is safe against "shoplift" malware?  (Read 822 times)

polonus

Dear forum users,

Just scanned a random website using Magento webshop CMS software.
See what some "cold reconnaissance third party scanning" may reveal at first glance.

Here we go. The website for scanning was completely random and taken from a "built-with" repository.

Scanned against MageReport dot com: https://www.magereport.com/scan/?s=https://www.veseys.com/

See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.veseys.com%2F&ref_sel=GSP2&ua_sel=ff&fs=1
For hxtps://www.veseys.com/static/version1513286763/frontend/Northcloud/Veseys/en_US it cannot be established...

Vulnerable code from: -'DCKAP_Quickorder/js/jquery.ui.autocomplete.html',

DOM XSS vuln: Results from scanning URL: hxtps://www.veseys.com/static/version1513286763/frontend/Northcloud/Veseys/en_US/requirejs/require.js
Number of sources found: 15
Number of sinks found: 7
N.B. "Not using strict: uneven strict support in browsers, #392, and causes problems with requirejs.exec()/transpiler plugins that may not be strict."

Webserver version info proliferation: Apache/2.2.22 Ubuntu  (exploitable)
See: https://toolbar.netcraft.com/site_report?url=https://www.veseys.com

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!