« previous next »
Pages: [1]   Go Down

Author Topic: Insecure Word Press website with malware or clean?  (Read 878 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33903
  • malware fighter
Insecure Word Press website with malware or clean?
« on: July 20, 2017, 01:41:15 PM »
Quttera gives it as clean: https://quttera.com/detailed_report/www.docservices.org
No flags here: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.docservices.org&ref_sel=GSP2&ua_sel=ff&fs=1
F-Grade and recommendations: https://observatory.mozilla.org/analyze.html?host=www.docservices.org
B-Grade: https://sritest.io/#report/c6090c62-1929-4552-8a84-1c0539f7a4fb
1 vuln. library: http://retire.insecurity.today/#!/scan/936a2f14308b64ef6a1c8cd74a23a73d405cd7f62036f8bd8fd862697c25f3e7

CMS conf. errors: Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   docservi   docservi
2      None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

host.itsaboutimage.website abuse, flagged: http://urlquery.net/report/4c5caf5a-1604-4f5c-a0d2-c1e0bed22013
2 flag: https://www.virustotal.com/pl/url/623228d4b9cec2089d42a6dbb56bb9a1b1d5a6c1e17b26bede0bdc8bd4d07671/analysis/1500550061/
Also vuln. here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fplatform-api.sharethis.com%2Fjs%2Fsharethis.js
error:
Quote
found JavaScript
     error: line:7: SyntaxError: missing : after property id:
          error: line:7: Element('div');d.className = 'fontDetect';var baseFontName, checkFontName, baseElement, checkElement;for(var baseFontIndex=0;baseFontIndex<stlib1.stfp.baseFontsLength;baseFontIndex++){baseFontName = stlib1.stfp.baseFonts[baseFontIndex];baseElement = do
          error: line:7: .........^
     error: undefined variable stlib.util.prop("hash", document.location)
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var stlib.util.prop("hash", document.location) = 1;
          error: line:1: ....^
Missed close "paren", passed but with "/*** called setTimeout with function () {return s.init({}); }, 10 */ ",
this latter because of the point where it is valuated, namely at parse/compiletime.

polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »