« previous next »
Pages: [1]   Go Down

Author Topic: Vulnerable uri?  (Read 1262 times)

0 Members and 2 Guests are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34054
  • malware fighter
Vulnerable uri?
« on: March 30, 2017, 03:56:23 PM »
See: http://urlquery.net/report.php?id=1490880741640
and http://www.domxssscanner.com/scan?url=http%3A%2F%2F179.41.248.173%2Fhtml%2Fjs%2Fsecboot.js

Consider: https://www.rapid7.com/db/search?q=CVE-2012-0920  (dropbear version vulnerable)....
See: -https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=179.41.248.173%2Fcgi-bin%2Fwebproc&ref_sel=GSP2&ua_sel=ff&fs=1    mini_httpd/1.19 19dec2003  ??? ::)
Extra link found: -http://www.acme.com/software/mini_httpd/

Open to dependency injection? /html/skin/ErrorMark.gif  like a CT local
See: https://urlscan.io/result/5dc0e561-7608-4c31-9ad1-5ea637a6bd02#summary

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: March 30, 2017, 04:16:46 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34054
  • malware fighter
Re: Vulnerable uri?
« Reply #1 on: March 31, 2017, 01:30:43 PM »
Risks are luring everywhere now for this sub domain.
Consider here: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fcp0203.azamedia.net%2F

We have 11 abusers on that AS: http://sitevet.com/db/asn/AS15699

There is risk because of the exposure of the nameserver version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4
Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. The excessive info proliferation data can be incorrect, still it is not considered 'best practices", your servers should never speak out loud!

Meagre F-Status: https://observatory.mozilla.org/analyze.html?host=cp0203.azamedia.net
B-status here: https://www.htbridge.com/ssl/?id=7bdaf9f435ff059f8cde1dca7d6199dad7336733d6d388146d065d73c8199901

The RSA certificate provided by the server could not be trusted. Non-compliant with PCI DSS requirements,
non-compliant with HIPAA guidance. Misconfiguration and weaknesses. It is self-signed!
Kingscope exploitable???

Re: https://urlscan.io/result/a47d9251-8bbe-40be-a966-849b4e63884b#summary
Plesk-link to https://plus.google.com/communities/109881979300958500728
Sio hashes and retireable codes non vulnerable.

We see this site could have been a little bit more secure.... ;)

polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »