polonus
2
Hi dutchie,
Well consider a couple of general insecurities and code insecurities I have found up while scanning with some external scanners.
iFrame insecurities:
See: iFramecheck: Suspicious → 16 instances of potentially suspicious files → http://quttera.com/detailed_report/embroidershoppe.com
and this actually nr. 17 because hidden iFrame load.
/ScriptResource.axd?d=QAPP1-xZVVRpy7V68WnRu1lzbgnE51KTpb1Sz3cXQBfYXGJP0CeR4Yxp-rLI8EonMT0S0WwvAriXCgJzbk4bHWC2OxILL2TuAefhnBvEO-4U5WfPoGuoAK_IxU6R3hsYy0fx_EnEkkGiILaprKp5QA2&t=ffffffffdd783992
Severity: Potentially Suspicious
Reason: Suspicious JavaScript code injection. (debugging dynamic javascript code causes vs to create “eval” code)
Details: Procedure: + has been called with a string containing hidden JavaScript code .
Threat dump: http://jsunpack.jeek.org/?report=57befa697621827f23bc46b67cb75cd86f38a3bb
File size[byte]: 357822
File type: ASCII
MD5: 470FFDE37F8C0C1F8811DD3CF6AE1807
Scan duration[sec]: 3.477000
empty.htm’
javascript:false’
javascript:false’
slideshow.asp?i=homepage’
timer.asp’
yahoo.html’
External links to check:
htxp://embroidershoppe.blogspot.com/ → ’ blog’
htxp://www.2checkout.com → ’ 'http://urlquery.net/report.php?id=7978963
hxtp://www.embroiderybillboard.com/ → ‘’ http://urlquery.net/report.php?id=7978901
Potentially risky methods on server seen.
General asp dot net site configuration insecurities:
General asp dot net insercurities on website: https://asafaweb.com/Scan?Url=www.embroidershoppe.com%2Fdefault.aspx
Custom errors Fail , Stacktrace Fail, Excessive headers warning, Clickjacking warning. All could lead to too much info being spread to potential attackers of the site.
Code hick-up on site:
wXw.embroidershoppe.com/DXR.axd?r=1_42-LVoO5 benign
[nothing detected] (script) wXw.embroidershoppe.com/DXR.axd?r=1_42-LVoO5
status: (referer=wXw.embroidershoppe.com/default.aspx)saved 167634 bytes 8db6709db0b4f6aa502f763b605d83e88503b905
info: [iframe] wXw.embroidershoppe.com/
info: [decodingLevel=0] found JavaScript
suspicious:
polonus