Author Topic: Resource webpage could do with some enhanced security...  (Read 258 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Resource webpage could do with some enhanced security...
« on: May 23, 2020, 12:53:02 PM »
See: https://webhint.io/scanner/f83c34a7-3368-41fe-86dc-8b80ae0fa042#category-security
Especially as it is presented as security-related recommendations.
Retirable jQuery libraries detected:
Retire.js
jquery   3.3.1   Found in -https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js<br>Vulnerability info:
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   123
Medium   Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

DOM-XSS Results from scanning URL: -http://angularjs.org
Number of sources found: 1
Number of sinks found: 63

Results from scanning URL: -https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Number of sources found: 34
Number of sinks found: 15

Results from scanning URL: -https://ajax.googleapis.com/ajax/libs/angularjs/1.7.9/angular-animate.min.js
Number of sources found: 1
Number of sinks found: 1

Results from scanning URL: -http://angularjs.org/js/download-data.js
Number of sources found: 2
Number of sinks found: 0

Results from scanning URL: -http://angularjs.org/js/download-data.js
Number of sources found: 8
Number of sinks found: 11

Results from scanning URL: -https://cdn.firebase.com/libs/angularfire/0.9.0/angularfire.min.js
Number of sources found: 1
Number of sinks found: 5

Results from scanning URL: -https://cdn.firebase.com/libs/angularfire/0.9.0/angularfire.min.js
Number of sources found: 1
Number of sinks found: 5

Results from scanning URL: -https://platform.twitter.com/widgets.js  (important see webcookie report)
Number of sources found: 72
Number of sinks found: 14

Results from scanning URL: -https://ajax.googleapis.com/ajax/libs/angularjs/1.7.9/angular.min.js
Number of sources found: 114
Number of sinks found: 29

B-grade scan results: https://webcookies.org/cookies/angularjs.org/30507819?323242

Quick  Source JS -> Javascript 23   (external 15, inline 8)
-ssl.google-analytics.com/​ga.js
INLINE: (function() { let alreadyInsertedMetaTag = false function __insertDappDete
1,238 bytes

-ajax.googleapis.com/ajax/libs/jquery/3.3.1/​jquery.min.js
86,927 bytes Expires: Sun, 16 May 2021 22:32:14 GMT

-ajax.googleapis.com/ajax/libs/angularjs/1.7.9/​angular.min.js
-ajax.googleapis.com/ajax/libs/angularjs/1.7.9/​angular-animate.min.js
INLINE: angular.module('todoApp', []) .controller('TodoListController', f
928 bytes

INLINE: angular.module('components', []) .directive('tabs', function() {
1,631 bytes

INLINE: angular.module('app-us', ['app', 'ngLocal.us']); angular.module('ap
115 bytes

INLINE: angular.module('app', ['components']) .controller('BeerCounter', f
518 bytes

-angularjs.org/google-code-prettify/​prettify.min.js
-angularjs.org/js/​homepage.js
-angularjs.org/js/​download-data.js
-cdnjs.cloudflare.com/ajax/libs/angular-ui-bootstrap/1.1.2/​ui-bootstrap-tpls.min.js
-ajax.googleapis.com/ajax/libs/angularjs/1.7.9/​angular-resource.min.js
-ajax.googleapis.com/ajax/libs/angularjs/1.7.9/​angular-route.min.js
-cdn.firebase.com/js/client/2.0.4/​firebase.js
-cdn.firebase.com/libs/angularfire/0.9.0/​angularfire.min.js
-code.angularjs.org/1.7.9/i18n/​angular-locale_sk.js
INLINE: angular.module('ngLocal.sk', [])._configBlocks.push(angular.module('ngLocal
105 bytes

code.angularjs.org/1.7.9/i18n/​angular-locale_en-us.js
INLINE: angular.module('ngLocal.us', [])._configBlocks.push(angular.module('ngLocal
177 bytes

-platform.twitter.com/​widgets.js
INLINE: var _gaq=[ ['_setAccount','UA-8594346-3'], ['_setDomainName', '
491 bytes

Blacklisted subresources:     -https://platform.twitter.com/widgets.js
   -https://ssl.google-analytics.com/ga.js
   -https://syndication.twitter.com/settings

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32441
  • malware fighter
Re: Resource webpage could do with some enhanced security...
« Reply #1 on: May 24, 2020, 01:26:51 AM »
In our following example the website is rather secure, but where that IP is hosted we find many a vulnerability.

Re: hxtps://icr-amu.cnrs.fr/?lang=fr
Retirable jQuery:
Quote
jquery   1.7.2   Found in -https://icr-amu.cnrs.fr/prive/javascript/jquery.js<br>Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
Risk Rating Netcraft = 0

Results from scanning URL: -https://icr-amu.cnrs.fr/
Number of sources found: 3
Number of sinks found: 271

Various vulnerabilities detected: https://www.shodan.io/host/147.94.185.100
Inline script
Quote
$(document).ready(function() {
    // correction bug iOS ne prenant pas en charge les :hover CSS des menus hxtp://blakepetersen.io/how-to-ios-and-css-hover-events/
    if ((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i)) || (navigator.userAgent.match(/iPad/i))) {
        $("div.menu div.level1").click(function() {
            // Leave this empty, that's the magic sauce
        });
    }
});

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!