« previous next »
Pages: [1]   Go Down

Author Topic: DROWn exploit on nameserver - website hacked and defaced...  (Read 1114 times)

0 Members and 2 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34065
  • malware fighter
DROWn exploit on nameserver - website hacked and defaced...
« on: April 21, 2016, 04:50:16 PM »
See: https://test.drownattack.com/?site=ns10.az.pl  and see: http://toolbar.netcraft.com/site_report?url=http://notrax.pl
Insecure IDs tracking: 50% of the trackers on this site could be protecting you from NSA snooping. Tell notrax.pl to fix it.

 All trackers
At least 2 third parties know you are on this webpage.

 -shaaaaaaaaaaaaa.com
-notrax.pl  -notrax.pl

Code to be retired: -http://az0016.srv.az.pl/
Detected libraries:
jquery - 1.9.1 : (active1) -http://az0016.srv.az.pl/azinternal/js/jquery-1.9.1.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Cufon there can be abused as malware attack vector.

polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »