Check vulnerabilites for this French platform: 5euros.com

[herrmannelig]

Hi xssers, I would like to suggest to you this platform for microservices 5euros.com. It's been already 5 years that this platform started and now it's thriving. Although, I think that it's still "hackable" as long as they use some fragile techniques and libraries starting with:


https://xss.pro/chrome-extension%3A//gppongmhjkpfnbhagpmjfkannfbllamg/images/icons/Facebook.svgFacebook as widget

https://xss.pro/chrome-extension%3A//gppongmhjkpfnbhagpmjfkannfbllamg/images/icons/Google%20Analytics.svgGoogle Analytics Enhanced eCommerce and https://xss.pro/chrome-extension%3A//gppongmhjkpfnbhagpmjfkannfbllamg/images/icons/Google%20Analytics.svgGoogle Analytics for statistics tools

https://xss.pro/chrome-extension%3A//gppongmhjkpfnbhagpmjfkannfbllamg/images/icons/React.pngReact as Framework JavaScript

https://xss.pro/chrome-extension%3A//gppongmhjkpfnbhagpmjfkannfbllamg/images/icons/webpack.svgwebpack

https://xss.pro/chrome-extension%3A//gppongmhjkpfnbhagpmjfkannfbllamg/images/icons/CloudFlare.svgCloudflare as CDN

and jQuery 3.4.1
First of all, what do you think? I think that it's worth it as long as it showed many times some difficulties in resisting against DDOS attacks.

P.S: I am not an expert, I am just a watcher

 

[X4Crow]

I didn't check the target, but it is not very useful information for a pentenst.
The CDN usually needs to be bypassed. Analytics only serves to try, at times, to find other systems from the same owner. the widget is usually irrelevant. Focus more on CMS for example and what plugins you use, and their vulnerable services.