See: Joomla Version
3.4
Version does not appear to be latest 3.4.8 - update now.
Joomla Modules, Components and Plugins
The following modules were detected from the HTML source of the Joomla front page.
mod_janews_featured
mod_djimageslider
mod_jabulletin
mod_janewspro
The following components were detected from the HTML source of the Joomla front page.
search
com_k2
users
joomgallery
The following plugins were detected from the HTML source of the Joomla front page.
japopup
jatabs
t3
Adding Modules, Components and Plugins to a Joomla site expands your attack surface. These addons are a source of many security vulnerabilities, it is important to always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes. Using the JoomlaVS scanner it is possible to dig deeper and determine all installed components, including the version.
Insecure jQuery libraries detected: -http://skala.ba/
Detected libraries:
jquery - 1.11.2 : (active1) -http://skala.ba/t3-assets/js/js-d313e.js?t=293
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery-migrate - 1.2.1 : -http://skala.ba/t3-assets/js/js-d313e.js?t=293
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.8.1 : http://skala.ba/plugins/system/japopup/asset/jquery/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
3 vulnerable libraries detected
Skala padlock icon
-skala.ba
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://skala.ba/index.php
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted
A low F-Status here: https://securityheaders.io/?q=skala.ba
Nameserver is DROWn vulnerable: https://test.drownattack.com/?site=dns.fakat.net
Also see: http://www.dnsinspect.com/skala.ba/1460909300
One issue here: https://sritest.io/#report/4294649b-27f5-4f77-b807-de14bb0fdf29
for which script has been blocked by script blocker, found in: hpHosts’ Ad and tracking servers
• Dan Pollock’s hosts file • MVPS HOSTS
polonus (volunteer website security analyst and website error-hunter)