Author Topic: Insecure log-in...  (Read 384 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33195
  • malware fighter
Insecure log-in...
« on: May 16, 2021, 12:31:33 AM »
Re: -http://192.185.62.72:2095/horde/login.php (via /shared.js/shared.js etc.)
Console info
Quote
Uncaught SyntaxError: Unexpected token < in JSON at position 0
    at JSON.parse (<anonymous>)
    at XMLHttpRequest.xhr.onreadystatechange (app.js:21)
and
Quote
Syntax error @ "My Bootstrap_Variant.JS"!
##########################
JSHINT output:
##########################

SyntaxError: Unexpected token '<'
    at eval (<anonymous>)
    at <anonymous>:4:80
    at Object.t [as F_c] (<anonymous>:3:191)
    at Object.E_u (<anonymous>:4:244)
    at eval (eval at exec_fn (:2:115), <anonymous>:74:477)
    at Object.create (eval at exec_fn (:2:115), <anonymous>:76:193)
    at c (eval at exec_fn (:2:115), <anonymous>:15:231)
    at <anonymous>:4:80
    at i (eval at exec_fn (:2:115), <anonymous>:13:165)
This website is insecure
Quote
This website is insecure.
60% of the trackers on this site could be protecting you from NSA snooping. Tell to fix it.
 All trackers
At least 5 third parties know you are on this webpage.
 -Optimizely
 -Google
 -shaaaaaaaaaaaaa.com
 -192.185.62.72
-www.googletagmanager.com -www.googletagmanager.com

Risk rating 10 red out of 10: https://sitereport.netcraft.com/?url=http://192.185.62.72

Outgoing link = -https://go.cpanel.net/privacy
See malware on IP: https://www.virustotal.com/gui/ip-address/192.185.62.72/relations

The Real McCoy with 100% content: -https://id.cpanel.net/get/login?url=aHR0cHM6Ly9zdG9yZS5jcGFuZWwubmV0L215Lw==
But with bootstrap vulners:
bootstrap   4.1.3   Found in -https://id.cpanel.net/static/bwr/bootstrap/dist/js/bootstrap.js _____Vulnerability info:
Medium   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331

polonus (volunteer 3rd party cold recon website-security analyst and website error-hunter)
« Last Edit: May 16, 2021, 01:38:57 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33195
  • malware fighter
Re: Insecure log-in...
« Reply #1 on: May 16, 2021, 02:03:44 PM »
Some of these insecure log-in access sites have been made inaccessable,
but there is still a lot of insecurity around.

Re: https://urlscan.io/result/f7f9fa63-2dac-445c-b3d9-e4bb6c204175/

Not fully secure as it could be (1 red risk rating out of 10): https://sitereport.netcraft.com/?url=https%3A%2F%2Floginarchive.com%2Fh-logins%2Fhorde-login.php

Hence 307 recommendations towards website improvement:
https://webhint.io/scanner/376f4c87-87d1-4ec5-afcc-75b184d0b3bc
and specifically: https://webhint.io/scanner/376f4c87-87d1-4ec5-afcc-75b184d0b3bc#category-security

What it has
Quote
-http://demo.horde.org/login.php
-https://fonts.googleapis.com/css?family=Montserrat:400,700%7CMuli:400,700
-https://loginarchive.com
-https://loginarchive.com/0-logins/
-https://loginarchive.com/1-logins/
-https://loginarchive.com/1-logins/12bet-sign-up.php
-https://loginarchive.com/1-logins/192-168-o-1-login-e-senha.php
-https://loginarchive.com/2-logins/
-https://loginarchive.com/3-logins/
-https://loginarchive.com/3-logins/3cx-management-console-default-login.php
-https://loginarchive.com/4-logins/
-https://loginarchive.com/5-logins/
-https://loginarchive.com/6-logins/
-https://loginarchive.com/6-logins/6-towns-credit-union-login.php
-https://loginarchive.com/6-logins/60-minutes-all-access-login.php
-https://loginarchive.com/7-logins/
-https://loginarchive.com/7-logins/7kasino-login.php
-https://loginarchive.com/8-logins/
-https://loginarchive.com/9-logins/
-https://loginarchive.com/9-logins/99designs-sign-in-login.php
-https://loginarchive.com/a-logins/
-https://loginarchive.com/a-logins/arkansas-tech-onetech-login.php
-https://loginarchive.com/a-logins/ava-anderson-login.php
-https://loginarchive.com/about.html
-https://loginarchive.com/b-logins/
-https://loginarchive.com/c-logins/
-https://loginarchive.com/c-logins/civil-service-account-login.php
-https://loginarchive.com/contact.html
-https://loginarchive.com/css/bootstrap.min.css
-https://loginarchive.com/css/font-awesome.min.css
-https://loginarchive.com/css/style.css
-https://loginarchive.com/d-logins/
-https://loginarchive.com/d-logins/disney-world-login-page.php
-https://loginarchive.com/dmca.html
-https://loginarchive.com/e-logins/
-https://loginarchive.com/e-logins/e-tawakal-login.php
-https://loginarchive.com/e-logins/east-midlands-trains-login.php
-https://loginarchive.com/e-logins/empire-dental-login.php
-https://loginarchive.com/f-logins/
-https://loginarchive.com/f-logins/foxfire-email-login.php
-https://loginarchive.com/g-logins/
-https://loginarchive.com/h-logins/
-https://loginarchive.com/h-logins/higher-one-debit-card-login.php
-https://loginarchive.com/h-logins/hilton-garden-inn-internet-login.php
-https://loginarchive.com/h-logins/horde-imp-login.php
-https://loginarchive.com/h-logins/horde-login-failed.php
-https://loginarchive.com/h-logins/hotmail-passport-login.php
-https://loginarchive.com/h-logins/howard-county-library-login.php
-https://loginarchive.com/h-logins/http-my-wifi-ext-net-login.php
-https://loginarchive.com/h-logins/http-one-zipnadazilch-com-login-php.php
-https://loginarchive.com/h-logins/https-www-dijnet-hu-ekonto-control-login.php
-https://loginarchive.com/h-logins/hume-library-login.php
-https://loginarchive.com/i-logins/
-https://loginarchive.com/i-logins/ipvanish-sign-in.php
-https://loginarchive.com/i-logins/it-card-login.php
-https://loginarchive.com/img/avatar-2.png
-https://loginarchive.com/img/logo-alt.png
h-ttps://loginarchive.com/img/logo.png
-https://loginarchive.com/j-logins/
-https://loginarchive.com/j-logins/joytunes-login.php
-https://loginarchive.com/js/bootstrap.min.js
https://loginarchive.com/js/jquery.min.js
-https://loginarchive.com/js/jquery.stellar.min.js
-https://loginarchive.com/js/main.js
-https://loginarchive.com/k-logins/
-https://loginarchive.com/k-logins/kmmg-teamwear-login.php
-https://loginarchive.com/l-logins/
-https://loginarchive.com/m-logins/
-https://loginarchive.com/map1.php
-https://loginarchive.com/n-logins/
-https://loginarchive.com/o-logins/
-https://loginarchive.com/p-logins/
-https://loginarchive.com/privacy.html
-https://loginarchive.com/q-logins/
-https://loginarchive.com/r-logins/
-https://loginarchive.com/remove.html
-https://loginarchive.com/s-logins/
-https://loginarchive.com/suggest.html
-https://loginarchive.com/t-logins/
-https://loginarchive.com/t-logins/taylor-gang-sign-up-login.php
-https://loginarchive.com/t-logins/thomson-webmail-login.php
-https://loginarchive.com/t-logins/tradingroom-login.php
-https://loginarchive.com/u-logins/
-https://loginarchive.com/v-logins/
-https://loginarchive.com/w-logins/
-https://loginarchive.com/x-logins/
-https://loginarchive.com/x-logins/xpressconnect-login.php
-https://loginarchive.com/y-logins/
-https://loginarchive.com/y-logins/youandwalgreens-com-login.php
-https://loginarchive.com/z-logins/
-https://loginarchive.com/z-logins/zurcher-tire-login.php
-https://lunenburgportal.additionnetworks.net/login.php
-https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js *
-https://webmail.foxvalley.net/horde/login.php
-https://webmail.latech.edu/
-https://webmail.library.ns.ca/
-https://webmail.nauta.cu/login.php
-https://webmail.netregistry.net/horde4/imp/
-https://webmail.omnis.com/horde/login.php
-https://webmail.ru.ac.za/horde/login.php
-https://webmail.your-site.com/login.php
See: https://urlscan.io/result/f7f9fa63-2dac-445c-b3d9-e4bb6c204175/#links
And the spider in this web as always is Alphabet Corp. a.k.a. Google * et al with all Big Tech Affiliates, like in this case CloudFlare Inc. as shown by indicators: https://urlscan.io/result/f7f9fa63-2dac-445c-b3d9-e4bb6c204175/#indicators

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
« Last Edit: May 16, 2021, 03:07:08 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!