Scanned: -http://843-healthandbeauty.com-7mg.net/
Detected libraries:
jquery - 1.11.0 : (active1) -http://843-healthandbeauty.com-7mg.net/vendor/jquery-1.11.0.min.js
(active) - the library was also found to be active by running code
No vulnerable libraries found
Scanner output:
Scanning -http://843-healthandbeauty.com-7mg.net/ …
Script loaded: -http://843-healthandbeauty.com-7mg.net/vendor/jquery-1.11.0.min.js
Script loaded: -http://843-healthandbeauty.com-7mg.net/vendor/underscore-min.js
Script loaded: -http://843-healthandbeauty.com-7mg.net/site.js
Script loaded: -http://843-healthandbeauty.com-7mg.net/analytics.js
Script loaded: -http://843-healthandbeauty.com-7mg.net/templates.js
Script loaded: -http://www.google-analytics.com/analytics.js
Status: success
Detected library: jquery - 1.11.0 * → http://jqueryui.com/upgrade-guide/1.10/ and beyond.
Load time: 28818ms
Took a closer look at the underscore-min.js script for vulnerabilties and bingo:
-https://code.google.com/p/mustache-security/wiki/UnderscoreJS
Analytics.js is security risky code, read here:
By referring to javascript that’s hosted elsewhere, you’re basically at the mercy of that other organization, which is in this case Google, to not do evil with it,Quote from The Register - author = Dan Goodin.
polonus (volunteer website security analyst and website error-hunter)