Scan your site now

Security Report Summary
E
Site:
Scanned Site(s):
1
IP Address:
180.210.203.42
Report Time:
28 Sep 2020 05:22:47 UTC
Checks:
Window Referrer
Window Opener
Comments
Enabled Debugging
Unsafe Functions
Warning:
Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(url, 'name', 'height=780,width=1010, scrollbars=1');[http://180.210.203.42/]
  • window.open(href, windowname, 'width=600,height=800,scrollbars=yes');[http://180.210.203.42/]
Warnings
Comments
Comments should be removed from the public code of a web application, since it can give an aggressor critical insights into the inner structure of the program. By using this information, the attacker could easier understand how the user session is handled by javascript or figure out the pathway data is sent to the server.
  • /*nsec*/[http://180.210.203.42/]
  • /*ap*/[http://180.210.203.42/]
  • /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */[https://code.jquery.com/jquery-1.12.4.min.js?v=1]
  • /* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/[https://www.googletagmanager.com/gtag/js?id=UA-168082518-1]
  • /* jQuery v1.9.1 (c) 2005, 2012 jQuery Foundation, Inc. jquery.org/license. */[https://www.googletagmanager.com/gtag/js?id=UA-168082518-1]
  • /* Copyright (c) 2014 Derek Brans, MIT license https://github.com/krux/postscribe/blob/master/LICENSE. Portions derived from simplehtmlparser, which is licensed under the Apache License, Version 2.0 */[https://www.googletagmanager.com/gtag/js?id=UA-168082518-1]
  • /*! * Font Awesome Free 5.0.6 by @fontawesome - http://fontawesome.com * License - http://fontawesome.com/license (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) */[https://use.fontawesome.com/releases/v5.0.6/js/all.js]
  • /* Script by: www.jtricks.com * Version: 1.12 (20120823) * Latest version: www.jtricks.com/javascript/navigation/floating.html * License: * GNU/GPL v2 or later http://www.gnu.org/licenses/gpl-2.0.html */[http://180.210.203.42/js/floating-1.12.js]
  • /* * jQuery Easing v1.3 - http://gsgd.co.uk/sandbox/jquery/easing/ * * Uses the built in easing capabilities added In jQuery 1.1 * to offer multiple easing options * * TERMS OF USE - jQuery Easing * * Open source under the BSD License. * * Copyright © 2008 George McGinley Smith * All rights reserved. * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list of * conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list * of conditions and the following disclaimer in the documentation and/or other materials * provided with the distribution. * * Neither the name of the author nor the names of contributors may be used to endorse * or promote products derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. **/[http://180.210.203.42/carousel/js/jquery.easing.1.3.js]
  • /* * * TERMS OF USE - EASING EQUATIONS * * Open source under the BSD License. * * Copyright © 2001 Robert Penner * All rights reserved. * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list of * conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list * of conditions and the following disclaimer in the documentation and/or other materials * provided with the distribution. * * Neither the name of the author nor the names of contributors may be used to endorse * or promote products derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */[http://180.210.203.42/carousel/js/jquery.easing.1.3.js]
Enabled Debugging
The JavaScript debugging functions should always removed after development stage, because they could expose informations on the inner workings of the code. In production, it is a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log(currentGMT[5]);[http://180.210.203.42/]
  • console.log("SweetAlert: "+e)};n.extend=o,n.isIE8=a,n.logStr=r},{}],9:[function(e,t,n){function o(e){return e&&e.__esModule?e:{default:e}}Object.defineProperty(n,"__esModule",{value:!0});[http://180.210.203.42/js/sweetalert.min.js]
Unsafe Functions
eval() is eval! This functions and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in production stage of a website, because the parsing of the executable string is often not secure and result therefore often in a cross-site scripting vulnerability. Instead of these functions create html elements by script and add it to the DOM object.
  • eval("object.__apply__("+parameterStrings.join(", ")+")");[http://180.210.203.42/demo_assets/demo05_top.js]
Additional Information
Link Opener
The window.open("https://example.com/", "_blanc", "noopener"); attribute should always be added to the window.open() function, which open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise javascript on the new page has full control over the previous visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The window.open("https://example.com/", "_blanc", "referrer"); attribute should always be added to the window.open() function to prevent reverse tabnabbing for older browser, which do not support the noopener attribute and to prevent phishing attacks.
Comments
Comments should be removed from the public code of a web application, since it can give an aggressor critical insights into the inner structure of the program. By using this information, the attacker could easier understand how the user session is handled by javascript or figure out the pathway data is sent to the server.
Enabled Debugging
The JavaScript debugging functions should always removed after development stage, because they could expose informations on the inner workings of the code. In production, it is a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
Unsafe Functions
eval() is eval! This functions and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in production stage of a website, because the parsing of the executable string is often not secure and result therefore often in a cross-site scripting vulnerability. Instead of these functions create html elements by script and add it to the DOM object.
Scanned URL(s)
Situs Judi Bola, Slot, Poker, Casino Online Terbaik dan Terpercaya - Bookie7