See: random website bla-di-bla\Interface/Base/Login.aspx?ReturnUrl=%2f
Website is insecure by default against NSA snooping.
Retirable jQuery
jquery 1.4.2 Found in https://bla-di-bla/3rdParty/UI.Layout/jquery.js?131XXX34899770454
Vulnerability info:
Medium CVE-2011-4969 XSS with location.hash
Medium CVE-2012-6708 11290 Selector interpreted as HTML
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
jquery 1.7.2 Found in https://bla-di-bla/3rdParty/Rad/Common/jQuery.js
Vulnerability info:
Medium CVE-2012-6708 11290 Selector interpreted as HTML
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
jquery 1.7.2 Found in https://bla-di-bla/ScriptResource.axd?d=8a0BJA_XXXX-JtZbASUXXX_6jOE-JDptKpRkXXXXXpdVbJX7dvUjixV-etc.
Vulnerability info:
Medium CVE-2012-6708 11290 Selector interpreted as HTML
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
I’ve forwarded this information off to Taylor. Told them they need to double check versions (jQuery being outdated). Also recommended they move their site to a Canadian or American IP address. (They have servers here in Canada - not sure why their domain is a French one.)
Hope that you understand why I posted this (however anonymously) into the public Virus & Worms section of the forums.
I gave you the extensive particulars in our PMs. But i.m.h.o. it also deserves a general heads-up.
It is dangerous to have a log-in page online that can be accessed,
when at the same time one could also have user enumeration enabled in the CMS configuration
(WordPress, for example). Such excessive info proliferation of sorts can always be lively dangerous.
Any attacker only needs a tiny little worm hole to break through your defenses, and better not make it that easy for them :o
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
I have no issues with the information you’ve posted to the public (and nor do they). I agree: any security-related information that can improve others’ cyber stance is information worth sharing, in my opinion.
Thanks, my good friend. Glad to know we share this view of responsible disclosure code to enhance general security and not to follow the path of security through obscurity, that “leaves often the many out in the cold”. Here you will find me at your side.
I just would like website owners and admins of PHP-based CMS to please scan their basic website CMS security settings and at least check for the right configuration and settings, updated CMS versions, themes and plug-ins, retirable libraries and left code.
For WordPress and Joomla CMS scan here: https://hackertarget.com/ for a quick and dirty (check also at Sucuri’s).
For Magento Shop CMS scan here: https://www.magereport.com/ extensive report (credits go to security researcher GWillem).
For retirable code scan: https://retire.insecurity.today/ (developed like the Retire.JS extension by webtonull’s Erlend Oftedal,
credits go to him).
With better settings in WordPress, like user enumeration disabled, directory listing disabled, and other best practices
(header security, CSP policy etc.), we will arrive at a more secure website infrastructure. Every website counts.
That is basically why we try to do what we do. Thanks to Avast for giving us the platform to do so.
And of course it is a two-way exercise. What is good for Avast is good for general digital security also.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)