Checking on -http://tallerbdn.cat/cat
iframes
Any iframes? Yes there are.
Detected libraries:
jquery - 1.4.4 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery.prettyPhoto - 3.0 : (active1) -http://tallerbdn.cat/prettyPhoto/js/jquery.prettyPhoto.js
Info: Severity: high
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
jquery - 1.2.6 : -http://tallerbdn.cat/javascript-carrusel/jquery_002.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
3 vulnerable libraries detected
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ftallerbdn.cat%2Fcat
Sucuri presents a hacked and defaced website: https://sitecheck.sucuri.net/results/tallerbdn.cat/cat
eith
Possible Frontend SPOF from:
-ajax.googleapis.com -
(73%) -
Unique IDs about your web browsing habits have been insecurely sent to third parties for 33% of trackers.
At least 6 third parties know you are on this webpage.
-Google
-Google
-tallerbdn.cat -tallerbdn.cat
-local.adguard.com (my personal adblocking solution)
-i.hizliresim.com (because of the hack)
-www.mustbebuilt.co.uk (an extension of mine in Google Chrome).
→ http://toolbar.netcraft.com/site_report?url=http://tallerbdn.cat
pol