Security Report Summary
E
Site:
Scanned Site(s):
1
IP Address:
5.23.51.199
Report Time:
28 Feb 2021 16:28:43 UTC
Checks:
Window Referrer
Window Opener
Comments
Enabled Debugging
Unsafe Functions
Warning:
Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(url, '', 'status=no,scrollbars=yes,resizable=yes,width='+width+',height='+height+',top='+Math.floor((h - height)/2-14)+',left='+Math.floor((w - width)/2-5));[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • window.open(url, '', 'status=no,scrollbars=yes,resizable=yes,width='+width+',height='+height+',top='+Math.floor((h - height)/2-14)+',left='+Math.floor((w - width)/2-5));[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • window.open(url);[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insights into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or figure out the path by which data is sent to the server.
  • /* /bitrix/js/main/rating_like.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* /bitrix/js/main/core/core_popup.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* /bitrix/js/main/core/core_date.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* /bitrix/js/main/core/core.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* /bitrix/js/main/core/core_ajax.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* /bitrix/js/main/json/json2.min.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* /bitrix/js/main/core/core_ls.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* /bitrix/js/main/session.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* /bitrix/js/main/core/core_window.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* /bitrix/js/main/utils.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/core/core.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /**********************************************************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*********** Bitrix JS Core library ver 0.9.0 beta ********************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /**********************************************************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* ready */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* list of registered proxy functions */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* getElementById cache */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* List of denied event handlers */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* list of registered event handlers */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* list of registered custom events */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* list of external garbage collectors */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* list of loaded CSS files */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* list of loaded JS files */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* browser detection */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* regexps */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* OO emulation utility */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* DOM manipulation */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* CSS-notation should be used here */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* params: { obj : html node className : className value recursive : used only for older browsers to optimize the tree traversal, in new browsers the search is always recursively, default - true } Search all nodes with className*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* params: { obj : html node className : className value recursive : used only for older browsers to optimize the tree traversal, in new browsers the search is always recursively, default - true } Search first node with className*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* params: { tagName|tag : 'tagName', className|class : 'className', attribute : {attribute : value, attribute : value} | attribute | [attribute, attribute....], property : {prop: value, prop: value} | prop | [prop, prop] } all values can be RegExps or strings*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* events */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* custom events */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* BX.addCustomEvent(eventObject, eventName, eventHandler) - set custom event handler for particular object BX.addCustomEvent(eventName, eventHandler) - set custom event handler for all objects*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* shift parameters for short version */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* shift parameters for short version */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* shift parameters for short version */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*eventObject == window || */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* ready */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* browser detection */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* low-level fx funcitons*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* some useful util functions */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* {'param1': 'value1', 'param2': 'value2'} */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* window pos functions */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* non-xhr loadings */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /******* HINT ***************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* ready */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* \ready */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* garbage collector */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* for (i = 0, len = proxyList.length; i < len; i++) { try { delete proxyList[i]; proxyList[i] = null; } catch (e) {} }*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* \garbage collector */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* data storage */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/core/core_ajax.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*other parameters: url: url to get/post data: data to post onsuccess: successful request callback. BX.proxy may be used. onfailure: request failure callback. BX.proxy may be used. lsId: local storage id - for constantly updating queries which can communicate via localStorage. core_ls.js neededany of the default parameters can be overridden. defaults can be changed by BX.ajax.Setup() - for all further requests!*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* simple interface */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* load and execute external file script with onload emulation */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* non-xhr loadings */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*arObs = [{ url: url, type: html|script|json|css, callback: function}]*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* ajax form sending */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* user options handling */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/json/json2.min.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/core/core_ls.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* localStorage public interface */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* localStorage prototype */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************** IE 7 ******************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************** IE 8 & FF 3.6 ***************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* additional functions */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /***************** initialize *********************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/session.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/core/core_window.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* windows manager */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* base button class */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* base window class */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* dialog window class extends window class */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* standard bitrix dialog extends BX.CWindowDialog */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* arParams = { ( title: 'dialog title', head: 'head block html', content: 'dialog content', icon: 'head icon classname or filename', resize_id: 'some id to save resize information'// useless if resizable = false ) or ( content_url: url to content load loaded content scripts can use BX.WindowManager.Get() to get access to the current window object ) height: window_height_in_pixels, width: window_width_in_pixels, draggable: true|false, resizable: true|false, min_height: min_window_height_in_pixels, // useless if resizable = false min_width: min_window_width_in_pixels, // useless if resizable = false buttons: [ 'html_code', BX.CDialog.btnSave, BX.CDialog.btnCancel, BX.CDialog.btnClose ] }*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*'99% center'*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*BUTTON: { title: 'title', 'action': function executed in window object context}BX.CDialog.btnSave || BX.CDialog.btnCancel - standard buttons*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* special child for admin forms loaded into public page */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* class for dialog window with editors */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* class for wizards in admin section */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* class for auth dialog */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* MENU CLASSES */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* menu opener class */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*{ DOMNode DIV, BX.CMenu or Array MENU, TYPE = 'hover' | 'click', TIMEOUT: 1000 ATTACH_MODE: 'top' | 'right' ACTIVE_CLASS: className for opener element when menu is opened}*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* common menu class */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* if (BX.browser.IsIE() && !BX.browser.IsDoctype()) { pos.top -= 4; pos.bottom -= 4; pos.left -= 2; pos.right -= 2; }*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* components toolbar class */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*, true*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* global page opener class */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*this.isMenuVisible() || this.DIV.style.display == 'none' || */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /******* HINT ***************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*************************** admin informer **********************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/utils.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*alert("Error! jsUtils.EvalGlobal");*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************************************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*Restrict drag*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*shadow*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************************************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************************************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************************************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************************************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/core/core_popup.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*========================================Buttons===========================================*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************** utility *************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/core/core_date.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* PHP to Javascript: time() = new Date() mktime(...) = new Date(...) gmmktime(...) = new Date(Date.UTC(...)) mktime(0,0,0, 1, 1, 1970) != 0 new Date(1970,0,1).getTime() != 0 gmmktime(0,0,0, 1, 1, 1970) == 0 new Date(Date.UTC(1970,0,1)).getTime() == 0 date("d.m.Y H:i:s") = BX.date.format("d.m.Y H:i:s") gmdate("d.m.Y H:i:s") = BX.date.format("d.m.Y H:i:s", null, null, true); */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* 15.04.12 13:00:00 => 15.04.12 13:00 00:01:00 => 00:01 4 may 00:00:00 => 4 may 01-01-12 00:00 => 01-01-12 */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* function creates and returns Javascript Date() object from server timestamp regardless of local browser (system) timezone. For example can be used to convert timestamp from some exact date on server to the JS Date object with the same value. params: { timestamp: timestamp in seconds } */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* function transforms server timestamp (in sec) to javascript timestamp (calculated depend on local browser timezone offset). Returns timestamp in milliseconds. Also see BX.date.getNewDate description. params: { timestamp: timestamp in seconds } */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* function transforms local browser timestamp (in ms) to server timestamp (calculated depend on local browser timezone offset). Returns timestamp in seconds. params: { timestamp: timestamp in milliseconds } */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************************************** calendar class **********************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*params: { node: bind element || document.body value - start value in site format (using 'field' param if 'value' does not exist) callback - date check handler. can return false to prevent calendar closing. callback_after - another handler, called after date picking field - field to read/write data bTime = true - whether to enable time control bHideTime = false - whether to hide time control by default currentTime - current UTC time()}*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /**************** compatibility hacks ***************************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /************ clock popup transferred from timeman **************/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* Start:/bitrix/js/main/rating_like.js*/[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /* End */[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • /*! jQuery v1.11.3 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */[https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js]
  • /*! * Bootstrap v3.3.7 (http://getbootstrap.com) * Copyright 2011-2017 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */[https://pra-academy.ru/bitrix/templates/module_2017/js/bootstrap.min.js]
  • /*! * Generated using the Bootstrap Customizer (http://getbootstrap.com/customize/?id=096cb1cecbe71e4d8217f753f98cd9d5) * Config saved to config.json and https://gist.github.com/096cb1cecbe71e4d8217f753f98cd9d5 */[https://pra-academy.ru/bitrix/templates/module_2017/js/bootstrap.min.js]
  • /*! * Jasny Bootstrap v3.1.3 (http://jasny.github.io/bootstrap) * Copyright 2012-2014 Arnold Daniels * Licensed under Apache-2.0 (https://github.com/jasny/bootstrap/blob/master/LICENSE) */[https://pra-academy.ru/bitrix/templates/module_2017/js/jasny-bootstrap.min.js]
  • /* $("#forward"+count).click(function(){ $(this).hide(); $("#back"+ count).hide(); $("#back"+ count++).show(); $("#forward"+ count++).show(); $("#showhide"+ count).hide(); $("#showhide"+ count--).hide(); $("#showhide"+ count++).show(); alert("#showhide"+ count); alert("#showhide"+ count--); alert("#showhide"+ count++); alert(typeof(count)); });*/[https://pra-academy.ru/bitrix/templates/module_2017/js/main.js]
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they could expose information on the inner workings of the code. In production, they are a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log('BX.debug: ', arguments.length > 0 ? arguments : arguments[0]);[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • console.log('Old value: ', option.oldValue);[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • console.log('New value: ', option.object[option.name]);[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • console.log(o);[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script and add them to the DOM object.
  • eval('result = ' + data);[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • eval('('+text+')');[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • eval(script);[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • document.write(BX.ajax.history.expected_hash);[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • document.write(new_hash);[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • document.write('<' + 'div id="__ajax_hash_collision_' + param_value + '" style="display: none;">');[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • document.write('</div>');[https://pra-academy.ru/bitrix/cache/js/s1/module_2017/kernel_main/kernel_main.js?1555664861380745]
  • eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('I af;I iG;I gK=\'\';J 1h(33){I ai=B;I dJ=[];I C;I 7w;I dv=\'\';I d1=S;I bU=S;I gb=S;I bM=S;I 3h=S;I 5K=S;I cL=S;I 6G=S;I i7=S;I 3l=S;I 9g=S;I 21=S;I d2=S;I e4=S;I jG=0;I jq=0;I 8S=S;I e8=S;I fK=S;I 9m=S;I fc=S;I fb=S;I lY=S;I j6=S;I m6=S;I g3=S;I f7=S;I 5T;I 9c;I 1n;I bH;I mi;I 9K;I 1f;I 2H;I pl;I 6i;I 8d;I 1E;I 3c;I 5u;I aD;I 6w;I 7e=0;I v;I sO;I 5d;I 5S;I 5Y;I 9J=4;I dD=0;I 2y;I 1u;I kB=0;I f9=0;I 3v;I hW;I 5D;I b5;I oo;I 3A;I 3J;I 44;I 4b;I 4N;I 5i;I 5g;I 5f;I 3G;I 3s;I 2w;I 62;I 4T;I 5b;I 6H;I 5U;I 4w;I d7;I 3M;I cg;I 5N;I 4c;I 3w;I 2Y;I 2i;I 2N;I 4U;I 6R;I 36;I 3m;I 7C;I 4R;I 5j;I 7X;I 6u;I 3P;I 4i;I 1L;I 3y;I 3X;I 2Z;I 4n;I 8M;I 1J;I 6g=0;I bO=S;I 4p;I 6h;I 9F;I gA;I gp;I fO;I gj=S;I 3r=[];I 3B;I 1N;I 1R;I 2x;I 1n;I 5Q=1o 1h.4r();[https://pra-academy.ru/bitrix/templates/module_2017/js/uppod-0.12.19.js]
Additional Information
Link Opener
The noopener attribute, as in window.open("https://example.com/", "_blank", "noopener"), should always be added to window.open() calls that open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise, JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The noreferrer attribute, as in window.open("https://example.com/", "_blank", "noreferrer"), should always be added to the window.open() function to prevent reverse tabnabbing in older browsers, which do not support the noopener attribute, and to prevent phishing attacks.
Scanned URL(s)
Practical Academy of Municipal Management: learn from the best!