Website with vulnerable PHP!

See: HTTP Server: nginx
PHP Version: 5.3.29 (Outdated: X-Powered by) for htxp://art-assorty.ru/
Google safe browse check
PASSED
Google finds the site to be free of malware
Sucuri does not state that the PHP software is outdated!
External hosts links: Externally Linked Host Hosting Provider Country

-feeds.feedburner.com Google United States
-twitter.com Twitter United States
-www.facebook.com Facebook Ireland
-feedburner.google.com Google United States

Included javascript links:
/engine/classes/min/index.php?charset=windows-1251&g=general&3
/engine/modules/awards/tooltip.js
/templates/historyshablon/js/tooltip.js
//vk.com/js/api/openapi.js?105
https://w.uptolike.com/widgets/v1/zp.js?pid=1317132

See: http://toolbar.netcraft.com/site_report?url=http://art-assorty.ru
Encryption (HTTPS) (1)
Communication is NOT encrypted
Dynamic Ads to Widget blocked: htxp://an.yandex.ru/system/context.js
easyprivacy block problems may arise for mail dot ru
replace filter with

  CODE: SELECT ALL
@@||rs.mail.ru  

Blocked by uBlock for me in browser = hxtp://counter.yadro.ru/hit?t21.6;r

DOM XSS vuln.: htxp://art-assorty.ru/ & htxps://w.uptolike.com/widgets/v1/zp.js?pid=1317132 →
_source=addon&utm_content=popup → -> http://www.domxssscanner.com/scan?url=http%3A%2F%2Fart-assorty.ru%2F

This situation has not changed much: http://www.theregister.co.uk/2014/12/31/want_to_have_your_server_pwned_easy_run_php/
link article author = Neil McAllister

polonus (volunteer website security analyst and website error-hunter)