kna.cz

HTML metadata

Technology

jQuery

1.8.3 known XSS (<3.5)

Stack

PHP

Third-party hosts loaded (2)

• eshop.cirkev.cz×6
• c1.navrcholu.cz×2

Social

• facebook

DNS records live

NS

• ns.gransy.com
• ns2.gransy.com
• ns3.gransy.com
• ns4.gransy.com
• ns5.gransy.com

MX

• 1 aspmx.l.google.com
• 10 alt3.aspmx.l.google.com
• 10 alt4.aspmx.l.google.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com

Email authentication weak

SPF

v=spf1 mx a ptr include:_spf.google.com include:_emailing.heureka.cz ~all

softfail (~all)

DMARC

not published

DKIM

• default: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkqiSTGcYycHoqJ1JT3OZWUZqc nCcQut5HSX6MpAOBnNp2e7YPs38A4iTt3lS/AZvCfnMyiaZdpRCe1foZ7pgVnzOc D…

selectors probed

Certificate (current) wrong cert

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 35/100 Checked over plain HTTP: http://www.kna.cz/

findings

• checked over plain HTTP
• missing Content Security Policy
• missing frame protection
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Links to (8)

• webredakce.cz×1
• netservis.cz×1
• navrcholu.cz×1
• katechismus.cz×1
• ikarmel.cz×1
• iencyklopedie.cz×1
• facebook.com×1
• cirkev.cz×1

Linked from (4)

• rkfkostelnivydri.cz×1
• bip.cz×1
• karmelitanske-nakladatelstvi.cz×1
• donum.cz×1