How secure is linkdr.com? Grade E

HIGH

Cross-site scripting vulnerability

User input rendered without proper sanitization.

#1 of 7

HIGH

SQL injection risk detected

Database queries constructed using unsanitized user input.

#2 of 7

HIGH

Insecure deserialization

Untrusted data deserialized without validation.

#3 of 7

HIGH

Missing access control

Endpoints lack proper authorization checks.

#4 of 7

HIGH

Cross-site scripting vulnerability

User input rendered without proper sanitization.

#5 of 7

HIGH

SQL injection risk detected

Database queries constructed using unsanitized user input.

#6 of 7

LOW

Missing Content-Security-Policy Header

The Content-Security-Policy header is not set

Finding #7 of 7

The Content-Security-Policy header is not set. CSP provides defense-in-depth against XSS and data injection attacks by restricting resource loading sources.

Location

https://linkdr.com

Remediation

Add a Content-Security-Policy header in next.config.js:

async headers() {
  return [{
    source: '/(.*)',
    headers: [
      { key: 'Content-Security-Policy', value: "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';" },
    ],
  }]
}

linkdr.com

Attack Surface

Routes (35)

Custom Headers (3)

Security Findings

Cross-site scripting vulnerability

SQL injection risk detected

Insecure deserialization

Missing access control

Cross-site scripting vulnerability

SQL injection risk detected

Missing Content-Security-Policy Header