gentilogroup Posted February 18 Report Posted February 18 Va salut bajetilor! Poate pentru ca sunt incepator am impresia ca astea sunt niste portite dar daca nu ma insel, bine ca v-am informat! https://rstforums.com/less/main.less Missing CSP Header Passive Scan Request&Response < GET / HTTP/1.1 < Host: rstforums.com < User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 < > HTTP/1.1 200 OK > Date: Tue, 18 Feb 2025 01:02:45 GMT > Server: Apache > Strict-Transport-Security: max-age=63072000; includeSubDomains; preload > X-Frame-Options: SameOrigin > X-Content-Type-Options: nosniff > X-XSS-Protection: 1; mode=block > Referrer-Policy: origin-when-cross-origin > Upgrade: h2 > Connection: Upgrade > Cache-Control: no-cache, no-store, must-revalidate > Pragma: no-cache > Expires: 0 > Transfer-Encoding: chunked > Content-Type: text/html; charset=UTF-8 > <!DOCTYPE html> <html ng-app="Feedr" ng-controller="MainCtrl"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <title ng-if="notificationsCount">({{ notificationsCount }}) Activity Watcher • {{ app.title }}</title> <title ng-if="! notificationsCount">Activity Watcher • {{ app.title }}</title> <meta name="theme-color" content="{{ bgColor }}"> <meta name="msapplication-navbutton-color" content="{{ bgColor }}"> <meta name="apple-mobile-web-app-status-bar-style" content="{{ bgColor }}"> <link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.2.4/semantic.min.css" /> <link rel="stylesheet/less" type="text/css" href="less/main.less" /> </head> <body ng-class="{ light: theme === 'light' }"> <div id="buttons"> <div id="toggle-user-sidebar" ng-click="toggleSidebar()" ng-if="app.user" ng-class="{ open: displaySidebar }"> <i class="user icon"></i> </div> <div ng-click="toggleTheme()"> <i class="lightbulb icon" data-content="Toggle {{ theme == 'light' ? 'Dark' : 'White' }} Theme"></i> </div> <div ng-click="toggleNotifications()"> <i class="alarm outline icon" ng-class="{ mute: ! notificationsEnabled }" data-content="{{ notificationsEnabled ? 'Mute' : 'Umute' }} Notifications"></i> </div> <div> <i class="options icon" ng-click="showActivityTypes = ! showActivityTypes"></i> <ul ng-show="showActivityTypes"> <li ng-click="changeActivityType('all')" ng-class="{ checked: activityType == 'all' }"> <i class="check icon"></i> All Activity </li> <li ng-click="changeActivityType('topic')" ng-class="{ checked: activityType == 'topic' }"> <i class="check icon"></i> Topics Activity </li> <li ng-click="changeActivityType('content')" ng-class="{ checked: activityType == 'content' }"> <i class="check icon"></i> Posts & Topics Activity </li> </ul> </div> <div ng-click="toggleBanlist()"> <i class="ban icon" data-content="Show Ban List"></i> </div> </div> <div id="wrapper" class="ui grid"> <div class="twelve wide column" ng-class="{ blurred: displaySidebar }"> <div id="header" class="padded"> <h1> <span class="blink" title="Auto-refreshing every 5 seconds">•</span> {{ app.shortTitle }} <span>Activity Watcher</span> </h1> <nav> <ul> <li ng-repeat="link in app.nav"> <a ng-class="{ focused: link.highlight }" href="{{ link.url | makeUrl }}" target="{{ link.target }}"> <i class="{{ link.icon }} icon"></i> {{ link.title }} </a> </li> </ul> </nav> <div class="clear"></div> </div> <div id="list"> <div class="ui dimmer" ng-class="{ active: ! activity.length, inverted: theme == 'light' }"> <div class="ui text loader">Loading initial activity...</div> </div> <div class="glow"></div> <div class="item" ng-repeat="item in activity | orderBy: '-timestamp'" ng-if="item.type != 'unsupported' && ! item.skip && ( activityType == 'all' || item.event == activityType || item.type == activityType)" ng-class="{ event: item.event == 'action', content: item.event == 'content', unfocused: item.unfocused }"> <a ng-attr-href="{{ item.url }}" target="_blank"> <table> <tr> <td class="author-avatar" ng-if="item.author_photo || item.type == 'join' || item.type == 'rep' || item.type.substr(0, 6) == 'follow'"> <div class="photo"> <img ng-if="item.author_photo && item.type != 'join' && item.type.substr(0, 6) != 'follow'" check-src="item.author_photo" /> <i class="user add icon" ng-if="item.type == 'join'"></i> <i class="plus icon" ng-if="item.type == 'rep' && item.title == 'positive'"></i> <i class="minus icon" ng-if="item.type == 'rep' && item.title != 'positive'"></i> <i class="eye icon" ng-if="item.type.substr(0, 6) == 'follow'"></i> </div> </td> <td class="content"> <div class="main" ng-if="item.event == 'content'"> <span ng-if="item.author_url"> <a href="{{ item.author_url }}" target="_blank"> <span class="author">{{ item.author }}</span> </a> </span> <span ng-if="item.author && ! item.author_url"> <span class="author">{{ item.author }}</span> </span> <span ng-if="item.type == 'post'"> replied to </span> <span ng-if="item.type == 'topic'"> started </span> <strong class="title">{{ item.title }}</strong> <span ng-if="item.category"> in <a href="{{ item.category_url }}" target="_blank">{{ item.category }}</a> </span> </div> <div class="event"> <div ng-if="item.type == 'join'"> <a href="{{ item.author_url }}" target="_blank"> <strong>{{ item.author }}</strong> </a> <span>has joined RST</span> </div> <div ng-if="item.type == 'follow_topic'"> <a href="{{ item.author_url }}" target="_blank"> <strong>{{ item.author }}</strong> </a> <span>is now following</span> <a href="{{ item.url }}" target="_blank"> <strong>{{ item.title }}</strong> </a> </div> <div ng-if="item.type == 'follow_user'"> <a href="{{ item.author_url }}" target="_blank"> <strong>{{ item.author }}</strong> </a> <span>is now following</span> <a href="{{ item.target_url }}" target="_blank"> <strong>{{ item.target }}</strong> </a> </div> <div ng-if="item.type == 'profile_photo'"> <a href="{{ item.author_url }}" target="_blank"> <strong>{{ item.author }}</strong> </a> <span>changed their profile photo</span> </div> <div ng-if="item.type == 'rep'"> <a href="{{ item.author_url }}" target="_blank"> <strong>{{ item.author }}</strong> </a> <span>gave <strong>{{ item.title }}</strong> reputation in</span> <a href="{{ item.target_url }}" target="_blank"> {{ item.target }} </a> </div> </div> <div class="post-content" ng-if="item.content"> <div ng-bind-html="item.content"></div> </div> </td> <td class="timestamp"> <timestamp date="item.timestamp * 1000"></timestamp> </td> </tr> </table> </a> </div> </div> </div> <div id="login" class="four wide column" ng-if="! app.user"> <h4>Are you a member?</h4> <h2>Please Login</h2> <form class="ui form" action="{{ app.url + '/login/' }}" method="POST"> <div class="field"> <input type="text" name="auth" placeholder="Username" /> </div> <div class="field"> <input type="password" name="password" placeholder="Password" /> </div> <div class="ui grid"> <div class="ten wide column"> Don't have an account? <a href="{{ app.url }}/register/">Register</a> </div> <div class="six wide column right aligned"> <button type="submit" class="ui green icon button"> <i class="sign in icon"></i> Sign In </button> </div> </div> <input type="hidden" name="remember_me" value="1"> <input type="hidden" name="_processLogin" value="usernamepassword"> <input type="hidden" name="csrfKey" value="{{ app.csrfKey }}" /> </form> </div> <div id="user" class="four wide column" ng-if="app.user" ng-class="{ open: displaySidebar }"> <div class="bar"> <table> <tr> <td> <div class="avatar"> <a href="{{ app.user.url }}" target="_blank"> <img check-src="app.user.avatar" /> </a> </div> </td> <td class="name"> <div class="greeting">Welcome back,</div> <div><a href="{{ app.user.url }}" target="_blank">{{ app.user.name }}</a></div> </td> </tr> </table> </div> <div class="tabs ui grid" ng-class="{ 'three columns': app.user.isMod, 'two columns': ! app.user.isMod }"> <div class="wide column" ng-click="selectTab('alerts')" ng-class="{ active: tab == 'alerts' }"> <div class="notification-counter" ng-if="$root.notificationsCounter.alerts">{{ $root.notificationsCounter.alerts }} </div> <i class="bell icon"></i> </div> <div class="wide column" ng-click="selectTab('inbox')" ng-class="{ active: tab == 'inbox' }"> <div class="notification-counter" ng-if="$root.notificationsCounter.inbox">{{ $root.notificationsCounter.inbox }} </div> <i class="envelope icon"></i> </div> <div class="wide column" ng-click="selectTab('reports')" ng-class="{ active: tab == 'reports' }" ng-if="app.user.isMod"> <div class="notification-counter" ng-if="$root.notificationsCounter.reports">{{ $root.notificationsCounter.reports }} </div> <i class="warning sign icon"></i> </div> </div> <div class="wrapper"> <list resource="alerts" csrfKey="app.csrfKey" ng-show="tab == 'alerts'"></list> <list resource="inbox" csrfKey="app.csrfKey" ng-show="tab == 'inbox'"></list> <list resource="reports" csrfKey="app.csrfKey" ng-show="tab == 'reports'" ng-if="app.user.isMod"></list> </div> </div> <div id="footer" class="sixteen wide column"> <span><i class="copyright icon"></i> <a href="{{ app.url }}">{{ app.title }}</a></span> <span class="right floated"><i class="code icon"></i> Developed by <a href="http://degecko.com" target="_blank">Gecko</a></span> </div> </div> <div id="banlist" ng-show="displayBanlist"> <div class="close" ng-click="displayBanlist = false"> <i class="close icon"></i> </div> <div> <h3>Banned Content</h3> <p>It only ignores activity content, not PMs or notifications.</p> <p>Separate each entry by a new line (enter).</p> <h3>Ignored Authors</h3> </div> <textarea ng-model="banned" placeholder="e.g.: john_doe_1337"></textarea> <div> <h3>Ignored Categories</h3> </div> <textarea ng-model="ignoredCategories" placeholder="e.g.: Cosul de gunoi"></textarea> </div> <div id="initializing-dimmer" class="ui dimmer" ng-class="{ active: initializing, inverted: theme === 'light' }"> <div class="ui large text loader"> Loading activity... </div> </div> <script type="text/javascript" src="js/less.min.js"></script> <script type="text/javascript" src="js/jquery-3.1.0.min.js"></script> <script type="text/javascript" src="js/angular.min.js"></script> <script type="text/javascript" src="js/angular-sanitize.min.js"></script> <script type="text/javascript" src="js/moment.min.js"></script> <script type="text/javascript" src="js/transition.min.js"></script> <script type="text/javascript" src="js/popup.min.js"></script> <script type="text/javascript" src="js/md5.min.js"></script> <script type="text/javascript" src="js/moment-precise-range.js"></script> <script type="text/javascript" src="js/config.js"></script> <script type="text/javascript" src="js/helpers.js"></script> <script type="text/javascript" src="js/app.js"></script> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-37219320-1', 'auto'); ga('send', 'pageview'); </script> </body> </html> https://rstforums.com/{{ app.url + '/login base-uri: Missing base-uri allows the injection of base tags. They can be used to set the base URL for all relative (script) URLs to an attacker controlled domain. We recommend setting it to 'none' or 'self'. script-src: script-src directive is missing. default-src: The default-src directive should be set as a fall-back when other restrictions have not been specified. object-src: Missing object-src allows the injection of plugins which can execute JavaScript. We recommend setting it to 'none'. Quote
Nytro Posted February 18 Report Posted February 18 Salut, nu sunt probleme iar in general scannerele automate sau unii "pentesteri" raporteaza astfel de "misconfigurations" care nu au niciun impact. Chiar daca ar fi setate, nu ar ajuta cu nimic in plus. 1 Quote
