Hi, I am trying to help a friend remove some unsolicited content from a forum that was posted without their consent by their. The site doesn't respond to requests to remove the content. The site doesn't seem susceptible to SQL Injection or XSS, at least from the methods I have tried (bare in mind I am a complete novice at this, so I might be over looking something). I am trying to get a user/e-mail list so I can target the actual person's account, or at the very least just get brief admin access to remove the content.
From the research I have done using various vulnerability scanners which highlighted possible vulnerabilities:
http to https redirect,
DNSSEC not enabled
HSTS header not prepared for preload list inclusion
HSTS header does not contain include SubDomains
HSTS header does not contain max-age
HTTP Strict Transport Security (HSTS) not enforced
Content Security Policy
Any assistance/help in this manner would be appreciated.