Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
A cleansed site with fail and warnings...
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: A cleansed site with fail and warnings... (Read 1451 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33923
malware fighter
A cleansed site with fail and warnings...
«
on:
December 13, 2015, 05:31:41 PM »
See:
https://asafaweb.com/Scan?Url=truparportal.azurewebsites.net
Custom errors are easy to enable, just configure the web.config to ensure the mode is either "On" or "RemoteOnly" and ensure there is a valid "defaultRedirect" defined for a custom error page as follows:
<customErrors mode="RemoteOnly" defaultRedirect="~/Error" />
It looks like a cookie is being set without the "HttpOnly" flag being set (name : value):
ARRAffinity : 5240d690100c4c51092a2085d43ee37beeb0befddd5e0fe39db70c0558a9d512
Unless the cookie legitimately needs to be read by JavaScript on the client, the "HttpOnly" flag should always be set to ensure it cannot be read by the client and used in an XSS attack. ->
http://www.domxssscanner.com/scan?url=http%3A%2F%2Ftruparportal.azurewebsites.net
->
https://www.virustotal.com/nl/url/65246b7375ebb5cec3e948528517201bb8490881bbdfee77ee813b38d7c8d24d/analysis/1450023818/
Other scanners do not flag:
http://urlquery.net/report.php?id=1450023959012
&
https://sitecheck.sucuri.net/results/truparportal.azurewebsites.net#sitecheck-details
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
A cleansed site with fail and warnings...