polonus
1
Where: http://urlquery.net/report.php?id=1448485050427
main site is a slick high technology developed site, but why this service site full of probably left jQuery plug-ins have been left accessible via analytics-enable.php?
And this is found while scanning the main domain for vulnerable libraries: -http://auditoriodetenerife.com
Detected libraries:
jquery - 1.11.3 : -http://auditoriodetenerife.auditoriodetener.netdna-cdn.com/wp-includes/js/jquery/jquery.js
jquery-migrate - 1.2.1 : -http://auditoriodetenerife.auditoriodetener.netdna-cdn.com/wp-includes/js/jquery/jquery-migrate.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-ui-autocomplete - 1.11.4 : -http://auditoriodetenerife.auditoriodetener.netdna-cdn.com/wp-includes/js/jquery/ui/autocomplete.min.js *
1 vulnerable library detected
See where it lands: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fauditoriodetenerife.auditoriodetener.netdna-cdn.com%2Fwp-includes%2Fjs%2Fjquery%2Fui%2Fautocomplete.min.js
at Results from scanning URL: -http://www.google.com/adsense/domains/caf.js *
Number of sources found: 107
Number of sinks found: 112
Going to -http://powernames.co/notMuchGoingOnHere.php?dn=Ads.Domains
Not much is going on at the moment -Ads.Domains
For more info email: a@5 dot uk
Keywords: Ads.Domains, AdsDomains, Ads-Domains, Ads Domains → website risk status: http://toolbar.netcraft.com/site_report?url=http://powernames.co
Do we now all see the importance of access and input output logging and monitoring…
High technology website could be beautifull and shining through advanced web design technology,
still that is not a recipee to website security :o
polonus (volunteer website security analyst and website error-hunter)
