I find “Google Web Accelerator HTTP/1.1” vulnerabilities. A client-side technology already discontinued in 2006 :o
Also Outdated CMS found Joomla with Security Announcements Vuln. Header: Joomla under 2.5.26 or 3.3.5
Javascript Check: Suspicious
hp/5.4.33
I, pol, now also get:
<meta http-equiv="refresh" content="2; url=htxp://com-la20.net/wigv.php?a=314759&c=wl_con&s=02 ">
Object: htxp://drn.kz/our/began.php
SHA1: 525814ce82aa0888bbdf222b6f08b5f3514167fa
Name: TrojWare.JS.Redirector.ft
avast! does not detect.
Also /swfobject.js code with ‘localstorage’ XSS exploitable in Quirk’s mode (because of old GWA).
exploitable - drn dot kz/templates/beez5/javascript/hide.js benign
[nothing detected] (script) drn dot kz/templates/beez5/javascript/hide.js
status: (referer=drn dot kz/index.php/en/)saved 8145 bytes d33333ef6504da1490c9e6feea0f28a900e04e89
info: [decodingLevel=0] found JavaScript
suspicious: Results from scanning URL: http://drn.kz/templates/beez5/javascript/hide.js
Number of sources found: 6
Number of sinks found: 3 localstorage as source
OWASP warns here:
A single Cross Site Scripting can be used to steal all the data in these objects, so again it’s recommended not to store sensitive information in local storage.
A single Cross Site Scripting can be used to load malicious data into these objects too, so don’t consider objects in these to be trusted.
Pay extra attention to “localStorage.getItem” and “setItem” calls implemented in HTML5 page. It helps in detecting when developers build solutions that put sensitive information in local storage, which is a bad practice.
Do not store session identifiers in local storage as the data is always accesible by JavaScript. Cookies can mitigate this risk using the httpOnly flag.
On this site several issues needs being addressed a.s.a.p.
polonus (volunteer website analyst)