Author Topic: Reflected XSS vulnerability with "window.location.protocol.split"  (Read 257 times)

0 Members and 1 Guest are viewing this topic.

Online polonus

  • Avast √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 31281
  • malware fighter
Where we found this source: -http://www.bjqbw.cn/shehui/jingfa/index.shtm
Unrecognized input for "var curProtocol" script element does not.
More on that site: https://retire.insecurity.today/#!/scan/f2ff9de112438093b8b2b8ae2b667dfe6bf9a4e1e6dccf831aae6addbd8ae4e6
Other malware detected: https://urlquery.net/report/bbb7c57b-57c3-4fa8-9b45-3d71048a6c52  **

Site is susceptible to MiM attacks (6); domain at risk of being hijacked (4); 2 vulnerabilities to be discovered more easily; unnecessary open ports; DNS susceptible to MiM attacks. Meta-elements not being set; ** results not returned fast enough: -{"date":"2019-02-04T21:50:20.493Z","timeout":"htxps://hm.baidu.com/hm.js?1e5f410561fc80e6f12e3845941d1fe6"}

polonus
« Last Edit: February 04, 2019, 10:53:01 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!