SQL injection is an extremely destructive attack; if exploited, it can lead to an attacker eventually gaining control over large parts of your network over time. Even a single vulnerable parameter in an application can be enough for this to become reality. Website vulnerable to blind SQL injection: http://exposure.easyaudit.org/analysis/sherlockiancalendar.homestead.com
SPOF (single point of failure) on the website. Possible frontend SPOF from:
ss.webring.com - Whitelist (98%) - (2%) -
www.meetup.com - Whitelist (1%) -
We find HTTP server: IIS 7.5, operating system: Windows Server 2008 R2.
So, time for an ASafaWeb scan:
Excessive Headers warning, overview: By default, excessive information about the server and frameworks used by an ASP.NET application is returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers.
Clickjacking warning: Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An "X-Frame-Options" header should be sent by the server to either deny framing of content, only allow it from the same origin, or allow it from a trusted URI.
VirusTotal has never seen it: https://www.virustotal.com/nl/domain/sherlockiancalendar.homestead.com/information/
Seems OK: http://toolbar.netcraft.com/site_report?url=http://sherlockiancalendar.homestead.com
Look here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fsherlockiancalendar.homestead.com%2F
Results from scanning URL: http://sherlockiancalendar.homestead.com/~site/Scripts_ExternalRedirect/ExternalRedirect.dll?CMD=CMDGetJavaScript&H_SITEID=RTK3&H_AltURL=%2F~site%2FRealTracker%2Fibc90006.js&HSGOTOURL=http%3A%2F%2Fweb4.realtracker.com%2Fnetpoll%2Fjs%2Fibc90006.js
Number of sources found: 1
Number of sinks found: 12
Results from scanning URL: http://sherlockiancalendar.homestead.com/~site/Scripts_ExternalRedirect/ExternalRedirect.dll?CMD=CMDGetJavaScript&H_SITEID=RTK3&H_AltURL=%2F~site%2FRealTracker%2Fibc90006.js&HSGOTOURL=http%3A%2F%2Fweb4.realtracker.com%2Fnetpoll%2Fjs%2Fibc90006.js
Number of sources found: 3
Number of sinks found: 21
Results from scanning URL: http://www.TimberWolfRealty.com>mortgage
Number of sources found: 3
Number of sinks found: 21
Before we launched this scan, we were already being alerted by Malware Script Detector about a vulnerable JavaScript: Detected Customized XSS malware from --/modernizr-2.0.6.min.js.
Normal scanners do not flag anything, but as one can see, the site could be attacked any day, at any moment.
How to protect: http://www.easysoft.com/developer/sql-injection.html
polonus (volunteer website security analyst and website error-hunter)
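As an added illustration of the "single vulnerable parameter" point above (my own example code, not code from the audited site or from the easysoft page linked under "How to protect"): a boolean-based blind SQL injection against one unsanitised parameter, next to the parameterised query that closes it. The events table, its rows, the hypothetical event_exists_* handlers and the owner_pw column are all constructed for this demo.

```python
import sqlite3


def make_db():
    """Constructed sample data for the demo: an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (id INTEGER PRIMARY KEY, slug TEXT, owner_pw TEXT)"
    )
    conn.executemany(
        "INSERT INTO events (slug, owner_pw) VALUES (?, ?)",
        [("baker-street", "s3cret"), ("reichenbach", "hound42")],
    )
    return conn


def event_exists_vulnerable(conn, slug):
    """Hypothetical vulnerable handler: the 'slug' parameter is concatenated
    straight into the SQL text.  The page only answers yes/no, which is all a
    blind injection needs."""
    sql = "SELECT COUNT(*) FROM events WHERE slug = '" + slug + "'"
    return conn.execute(sql).fetchone()[0] > 0


def event_exists_safe(conn, slug):
    """Same lookup with a bound parameter: the value is never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM events WHERE slug = ?"
    return conn.execute(sql, (slug,)).fetchone()[0] > 0


def blind_extract(oracle, column, known_slug, max_len=16):
    """Boolean-based blind extraction: recover a column value one character
    at a time by asking the yes/no oracle whether the code point at each
    position equals a guessed value.  Stops when no printable ASCII
    character matches (substr() past the end yields '' and unicode('')
    is NULL in SQLite, so every comparison is false)."""
    found = ""
    for pos in range(1, max_len + 1):
        matched = None
        for code in range(32, 127):
            payload = (
                f"{known_slug}' AND unicode(substr({column},{pos},1))={code} AND '1'='1"
            )
            if oracle(payload):
                matched = chr(code)
                break
        if matched is None:
            break
        found += matched
    return found


def demo():
    """Run both handlers against the same inputs and return the outcomes."""
    conn = make_db()
    vuln = lambda p: event_exists_vulnerable(conn, p)
    safe = lambda p: event_exists_safe(conn, p)
    return {
        "normal_vuln": vuln("baker-street"),
        "normal_safe": safe("baker-street"),
        "tautology_vuln": vuln("x' OR '1'='1"),
        "tautology_safe": safe("x' OR '1'='1"),
        "leak_vuln": blind_extract(vuln, "owner_pw", "baker-street"),
        "leak_safe": blind_extract(safe, "owner_pw", "baker-street"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The point to take from it: the vulnerable handler never shows the attacker any data directly, yet 95 yes/no questions per character are enough to pull the whole owner_pw value out. The parameterised version answers the same legitimate lookup correctly and returns nothing for every injected payload, because the bound value is compared as a string rather than compiled as SQL.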
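And an added checker for the two ASafaWeb warnings above (the excessive ASP.NET/IIS headers and the missing X-Frame-Options header). This is my own example code, not ASafaWeb's logic and not anything captured from the site; the two raw responses below are constructed to resemble a default IIS 7.5 / ASP.NET answer and a hardened one, and the header names it flags are the ones those products emit by default.

```python
# Response headers that leak server or framework versions on a default
# IIS / ASP.NET deployment.
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

# Values that actually restrict framing.  "ALLOW-FROM <uri>" is accepted as
# the "trusted URI" form mentioned in the warning.
VALID_XFO = ("deny", "sameorigin")


def parse_raw_headers(raw):
    """Parse the header block of a raw HTTP response (status line followed by
    headers, terminated by a blank line) into a dict.  Later duplicates of a
    header name overwrite earlier ones, which is enough for this audit."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # skip the status line
        if not line.strip():        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def audit_headers(headers):
    """Return a list of findings for one response's headers.
    Header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in LEAKY_HEADERS:
        if name in h:
            findings.append(f"excessive header: {name}: {h[name]}")
    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("clickjacking: X-Frame-Options header missing")
    elif xfo.lower() not in VALID_XFO and not xfo.lower().startswith("allow-from "):
        findings.append(f"clickjacking: unrecognised X-Frame-Options value {xfo!r}")
    return findings


# Constructed sample responses (not captured from the audited site).
SAMPLE_DEFAULT = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "\r\n"
)

SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
)


if __name__ == "__main__":
    for label, raw in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_headers(parse_raw_headers(raw)) or "no findings")
```

On the fixing side, for an ASP.NET site on IIS 7.5 the usual steps are: `<httpRuntime enableVersionHeader="false" />` in system.web drops X-AspNet-Version, `<remove name="X-Powered-By" />` plus an `<add name="X-Frame-Options" value="SAMEORIGIN" />` under system.webServer/httpProtocol/customHeaders handle the other two, MVC's X-AspNetMvc-Version is switched off with MvcHandler.DisableMvcResponseHeader, and the Server header on that IIS version needs URLScan's RemoveServerHeader option or a custom module rather than a web.config entry.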