Author Topic: Insecure log-in...  (Read 3681 times)

Offline polonus

Insecure log-in...
« on: May 16, 2021, 12:31:33 AM »
Re: -http://192.185.62.72:2095/horde/login.php (via /shared.js/shared.js etc.)
Console info
Quote
Uncaught SyntaxError: Unexpected token < in JSON at position 0
    at JSON.parse (<anonymous>)
    at XMLHttpRequest.xhr.onreadystatechange (app.js:21)
and
Quote
Syntax error @ "My Bootstrap_Variant.JS"!
##########################
JSHINT output:
##########################

SyntaxError: Unexpected token '<'
    at eval (<anonymous>)
    at <anonymous>:4:80
    at Object.t [as F_c] (<anonymous>:3:191)
    at Object.E_u (<anonymous>:4:244)
    at eval (eval at exec_fn (:2:115), <anonymous>:74:477)
    at Object.create (eval at exec_fn (:2:115), <anonymous>:76:193)
    at c (eval at exec_fn (:2:115), <anonymous>:15:231)
    at <anonymous>:4:80
    at i (eval at exec_fn (:2:115), <anonymous>:13:165)
This website is insecure
Quote
This website is insecure.
60% of the trackers on this site could be protecting you from NSA snooping. Tell to fix it.
 All trackers
At least 5 third parties know you are on this webpage.
 -Optimizely
 -Google
 -shaaaaaaaaaaaaa.com
 -192.185.62.72
 -www.googletagmanager.com

Risk rating 10 red out of 10: https://sitereport.netcraft.com/?url=http://192.185.62.72

Outgoing link = -https://go.cpanel.net/privacy
See malware on IP: https://www.virustotal.com/gui/ip-address/192.185.62.72/relations

The Real McCoy with 100% content: -https://id.cpanel.net/get/login?url=aHR0cHM6Ly9zdG9yZS5jcGFuZWwubmV0L215Lw==
But with bootstrap vulners:
bootstrap 4.1.3, found in -https://id.cpanel.net/static/bwr/bootstrap/dist/js/bootstrap.js
Vulnerability info: Medium, 28236, XSS in data-template, data-content and data-title properties of tooltip/popover, CVE-2019-8331

polonus (volunteer 3rd party cold recon website-security analyst and website error-hunter)
« Last Edit: May 16, 2021, 01:38:57 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Insecure log-in...
« Reply #1 on: May 16, 2021, 02:03:44 PM »
Some of these insecure log-in access sites have been made inaccessible,
but there is still a lot of insecurity around.

Re: https://urlscan.io/result/f7f9fa63-2dac-445c-b3d9-e4bb6c204175/

Not fully secure as it could be (1 red risk rating out of 10): https://sitereport.netcraft.com/?url=https%3A%2F%2Floginarchive.com%2Fh-logins%2Fhorde-login.php

Hence 307 recommendations towards website improvement:
https://webhint.io/scanner/376f4c87-87d1-4ec5-afcc-75b184d0b3bc
and specifically: https://webhint.io/scanner/376f4c87-87d1-4ec5-afcc-75b184d0b3bc#category-security

What it has
Quote
-https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js *
See: https://urlscan.io/result/f7f9fa63-2dac-445c-b3d9-e4bb6c204175/#links
And the spider in this web as always is Alphabet Corp. a.k.a. Google * et al with all Big Tech Affiliates, like in this case CloudFlare Inc. as shown by indicators: https://urlscan.io/result/f7f9fa63-2dac-445c-b3d9-e4bb6c204175/#indicators

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
« Last Edit: May 16, 2021, 03:07:08 PM by polonus »