
Security Report Summary
E
Site:
Scanned Site(s): 1
IP Address: 39.109.4.114
Report Time: 30 Nov 2020 02:19:47 UTC
Checks:
  • Window Referrer
  • Window Opener
  • Comments
  • Enabled Debugging
  • Unsafe Functions
Warning: Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(this.childNodes[1].src);[http://www.52ts.com/source/script_common.js]
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insight into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or work out the path by which data is sent to the server.
  • /* [UCenter Home] (C) 2007-2008 Comsenz Inc. $Id: script_cookie.js 10737 2008-12-17 01:41:36Z zhengqingpeng $*/[http://www.52ts.com/source/script_cookie.js]
  • /** Get a cookie's value * * @param integer key The token used to create the cookie * @return void */[http://www.52ts.com/source/script_cookie.js]
  • /** Set a cookie * * @param integer key The token that will be used to retrieve the cookie * @param string value The string to be stored * @param integer ttl Time To Live (hours) * @param string path Path in which the cookie is effective, default is "/" (optional) * @param string domain Domain where the cookie is effective, default is window.location.hostname (optional) * @param boolean secure Use SSL or not, default false (optional) * * @return setted cookie */[http://www.52ts.com/source/script_cookie.js]
  • /** Unset a cookie * * @param integer key The token that will be used to retrieve the cookie * @param string path Path used to create the cookie (optional) * @param string domain Domain used to create the cookie, default is null (optional) * @return void */[http://www.52ts.com/source/script_cookie.js]
  • /** Return GTM date string of "now" + time to live * * @param integer ttl Time To Live (hours) * @return string */[http://www.52ts.com/source/script_cookie.js]
  • /** Return true if cookie functionnalities are available * * @return boolean */[http://www.52ts.com/source/script_cookie.js]
  • /** If Firebug JavaScript console is present, it will dump cookie string to console. * * @return void */[http://www.52ts.com/source/script_cookie.js]
  • /* [UCenter Home] (C) 2007-2008 Comsenz Inc. $Id: script_common.js 13191 2009-08-18 03:14:55Z xupeng $*/[http://www.52ts.com/source/script_common.js]
  • /* [UCenter Home] (C) 2007-2008 Comsenz Inc. $Id: script_menu.js 12767 2009-07-20 06:01:49Z zhengqingpeng $*/[http://www.52ts.com/source/script_menu.js]
  • /* [UCenter Home] (C) 2007-2008 Comsenz Inc. $Id: script_ajax.js 12670 2009-07-14 07:43:56Z liguode $*/[http://www.52ts.com/source/script_ajax.js]
  • /* [UCenter Home] (C) 2007-2008 Comsenz Inc. $Id: script_manage.js 13178 2009-08-17 02:36:39Z liguode $*/[http://www.52ts.com/source/script_manage.js]
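  • /** * Insert doodle * @param String fid: ID of the layer to close * @param String oid: target ID of the object to insert into * @param String url: address of the doodle file * @param String tid: ID of the tab to switch * @param String from: where the doodle came from * @return no return value */[http://www.52ts.com/source/script_manage.js]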
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they can expose information about the inner workings of the code. In production they are a loophole and could show a possible attacker where to find possibly exploitable vulnerabilities or interesting variables.
  • console.log(document.cookie.split(';'));[http://www.52ts.com/source/script_cookie.js]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script and add them to the DOM object.
  • document.writeln('<img id="img_seccode" src="'+img+'" align="absmiddle">');[http://www.52ts.com/source/script_common.js]
Additional Information
Link Opener
The noopener attribute, as in window.open("https://example.com/", "_blank", "noopener"), should always be added to window.open() calls that open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The noreferrer attribute, as in window.open("https://example.com/", "_blank", "noreferrer"), should always be added to window.open() calls to prevent reverse tabnabbing in older browsers that do not support the noopener attribute, and to prevent phishing attacks.
Scanned URL(s)
Tangshan Community | I Love Tangshan Community - Powered by UCenter Home