##### #####

1. ##### #####
2. # # ##### # # ##### ##### #### # # # # #### ##### ###### # #
3. # # # # # # # # # # # # # # # # ## ##
4. # # # # # # # # # ##### # #### # ##### # ## #
5. # ##### # ##### # # # # # # # # # #
6. # # # # # # # # # # # # # # # # # #
7. ##### # # # # # #### ##### # #### # ###### # #
8.  
9. ####### ###### #####
10. # # # ###### # # # # #### #### # ## # # # # # # # #
11. # # # # # # # # # # # # # ## # # # # # #
12. # ###### ##### ###### # # #### #### # # # # # # # #### # # #
13. # # # # # # # # # # # ###### # # # # # # # #
14. # # # # # # # # # # # # # # # # ## # # # # #
15. # # # ###### # # #### #### #### # # # # # ##### #### #
16.  
17. # ##### #####
18. # ## ##### #### # # # #
19. # # # # # # # #
20. # # # ##### #### ##### #####
21. # ###### # # # # #
22. # # # # # # # # #
23. ####### # # ##### #### ####### #######
24.  
25. ####### #####
26. # # # ###### # # # # # # # # ###### #####
27. # # # # # # # ## # ## # # # #
28. # ###### ##### # #### # # # # # # # # ##### # #
29. # # # # # # # # # # # # # # # #####
30. # # # # # # # # # ## # ## # # #
31. # # # ###### ##### #### # # # # ###### # #
32.  
33. ####### # # #
34. # # ## ## ## #### #### # #### # # ####
35. # # # # # # # # # # # # # # # # # # #
36. ##### # # # # # # # # # # # # #### # #
37. # # # # ###### # ### # # # # # # # # #
38. # # # # # # # # # # # # # # # # #
39. ####### ###### # # # # #### #### ####### #### # # ####
40.  
41.  
42.  
43. Statement.
44. Enjoy your rest of your day sweet mastercard.
45. It's time to cryptocurrency
46.  
47.  
48.  
49.  
50. server: https://216.119.209.235
51.  
52.  
53. Using the POST HTTP method, Nessus found that :
54.  
55. + The following resources may be vulnerable to blind SQL injection :
56.  
57. + The 'username' parameter of the /pkmslogin.form CGI :
58.  
59. /pkmslogin.form [login-form-type=token&password=699117&username=zztoken&
60. password=699117&username=yy]
61.  
62. -------- output --------
63. <!--- END Cookie check block --->
64.  
65.  
66. <BR>
67. <!--
68. -------- vs --------
69. <!--- END Cookie check block --->
70.  
71. HPDIA0200W Authentication failed. You have used an invalid user name,
72. password or client certificate.
73. <BR>
74. <!--
75. ------------------------
76.  
77. /pkmslogin.form [login-form-type=token&password=699117&username=zztoken&
78. password=699117&username=yy] {2}
79.  
80. -------- output --------
81. <!--- END Cookie check block --->
82.  
83.  
84. <BR>
85. <!--
86. -------- vs --------
87. <!--- END Cookie check block --->
88.  
89. HPDIA0200W Authentication failed. You have used an invalid user name,
90. password or client certificate.
91. <BR>
92. <!--
93. ------------------------
94.  
95. /pkmslogin.form [login-form-type=token&password=699117&username=zztoken&
96. password=699117&username=yy] {3}
97.  
98. -------- output --------
99. <!--- END Cookie check block --->
100.  
101.  
102. <BR>
103. <!--
104. -------- vs --------
105. <!--- END Cookie check block --->
106.  
107. HPDIA0200W Authentication failed. You have used an invalid user name,
108. password or client certificate.
109. <BR>
110. <!--
111. ------------------------
112.  
113. + The 'password' parameter of the /pkmslogin.form CGI :
114.  
115. /pkmslogin.form [login-form-type=token&username=154601&password=zztoken&
116. username=154601&password=yy]
117.  
118. -------- output --------
119. <!--- END Cookie check block --->
120.  
121.  
122. <BR>
123. <!--
124. -------- vs --------
125. <!--- END Cookie check block --->
126.  
127. HPDIA0200W Authentication failed. You have used an invalid user name,
128. password or client certificate.
129. <BR>
130. <!--
131. ------------------------
132.  
133. /pkmslogin.form [login-form-type=token&username=154601&password=zztoken&
134. username=154601&password=yy] {2}
135.  
136. -------- output --------
137. <!--- END Cookie check block --->