Re: /wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=4.2.2
Severity: Potentially Suspicious
Reason: Suspicious JavaScript code injection.
Details: Procedure: + has been called with a string containing hidden JavaScript code .
Threat dump: Not available - htxp://wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=4.2.2Severity:Potentially%20SuspiciousReason:Suspicious%20JavaScript%20code%20injection.Details:Procedure:%20+%20has%20been%20called%20with%20a%20string%20containing%20hidden%20JavaScript%20code%20%3Cscript%3E%20videojs.options.flash.swf%20=
Threat dump MD5: 8A740BDDFAA9DF9EE701AD8A60BACD92
File size[byte]: 69896
File type: ASCII
Page/File MD5: C82E21D8A47592705D7932473706BF05
Scan duration[sec]: 3.995000
Re: https://sitecheck.sucuri.net/results/www.nixtel.re
Contact form 7 exploit vulnerability. Security Bypass. Bitdefender TrafficLight flags: https://www.virustotal.com/en-gb/url/09cc7000ffd30ba25c649f63d39b7f49447b98b98d1959dec36d6d7761c386cd/analysis/1435781201/
Re: http://www.dnsinspect.com/nixtel.re/1435781277
ISSUE DETECTED DEFINITION VULNERABLE HEADER
Outdated Web Server Apache Found Vulnerabilities on Apache 2.2 Apache/2.2.22
PHP vulnerable to bypass/exploit → http://security.stackexchange.com/questions/17407/how-can-i-use-this-path-bypass-exploit-local-file-inclusion. Peculiarities in PHP’s handling of file paths enable all sorts of subtle attacks on vulnerabilities that otherwise would appear unexploitable. For cold reconnaissance website analysts, these attack techniques may be worth knowing about.
polonus (volunteer website security analyst and website error-hunter)