www.trendystock.com Scan Report
Made By H3Cio5
http://www.facebook.com/hecios.brain
-----------------------------------------------------------------------------------------------------
Vulnerability Result
No.1
ReferURL: http://www.TrendyStock.com/versionhistory.asp?CurrentVersion=0
Parameter: CurrentVersion=0
Type: String
KWord/ActionURL: jsekhararao
Vulnerability: URL SQL INJECTION

No.2
ReferURL: http://www.trendystock.com/postviewsdetail.asp^submit=View --&txtScriptName=20 Microns Ltd.
Parameter: txtScriptName=20 Microns Ltd.
Type: String
KWord/ActionURL: Trendy
Vulnerability: POST SQL INJECTION

No.3
ReferURL: http://www.trendystock.com/Forum/active_topics.asp?SID=b347ec4af4a7d9ed4d1baf6c829fadcb&UA=Y
Parameter: UA=Y
Type: String
KWord/ActionURL: TrendyStock
Vulnerability: URL SQL INJECTION

No.4
ReferURL: http://www.trendystock.com/Forum/active_topics.asp?SID=b347ec4af4a7d9ed4d1baf6c829fadcb&UA=99999999
Parameter: UA=99999999
Type: Integer
KWord/ActionURL: TrendyStock
Vulnerability: URL SQL INJECTION

No.5
ReferURL: http://www.trendystock.com/
Parameter: userid
Type: POST
KWord/ActionURL: http://www.trendystock.com/logincheck.asp^userid=WCRTESTINPUT000000<>%3c%3e%253c%253e&password=WCRTESTINPUT000001&comments=WCRTESTTEXTAREA000002
Vulnerability: Cross Site Scripting(Form)

No.6
ReferURL: http://www.trendystock.com/Forum/login_user.asp?SID=9d6cfzb22da6d63efz876a535ce7e641^password=WCRTESTINPUT000001&NS=1&returnURL=returnURL=default.asp&name=
Parameter: name=
Type: Search
KWord/ActionURL: Forum
Vulnerability: POST SQL INJECTION

No.7
ReferURL: http://www.trendystock.com/logincheck.asp^userid=WCRTESTINPUT000000&Password=WCRTESTINPUT000001
Parameter: Password=!S!WCRTESTINPUT000001!E!
Type: String
KWord/ActionURL: WCRTESTINPUT
Vulnerability: POST SQL INJECTION

No.8
ReferURL: http://www.trendystock.com/WebChat/default.asp^T1=WCRTESTINPUT000000&B1=Enter Chat
Parameter: B1=Enter Chat
Type: String
KWord/ActionURL: TrendyStock
Vulnerability: POST SQL INJECTION

No.9
ReferURL: http://www.trendystock.com/WebChat/default.asp^B1=Enter Chat&T1=WCRTESTINPUT000000
Parameter: T1=!S!WCRTESTINPUT000000!E!
Type: String
KWord/ActionURL: TrendyStock
Vulnerability: POST SQL INJECTION

No.10
ReferURL: http://www.trendystock.com/WebChat/default.asp
Parameter: T1
Type: POST
KWord/ActionURL: http://www.trendystock.com/WebChat/default.asp^T1=WCRTESTINPUT000000<>%3c%3e%253c%253e&B1=Enter Chat
Vulnerability: Cross Site Scripting(Form)

No.11
ReferURL: http://www.trendystock.com/forgotpasswordcheck.asp^UserId=WCRTESTINPUT000000&EMail=1
Parameter: EMail=1
Type: Integer
KWord/ActionURL: Forgot
Vulnerability: POST SQL INJECTION

No.12
ReferURL: http://www.trendystock.com/forgotpasswordcheck.asp^UserId=WCRTESTINPUT000000&EMail=99999999
Parameter: EMail=99999999
Type: String
KWord/ActionURL: Forgot
Vulnerability: POST SQL INJECTION

No.13
ReferURL: http://www.trendystock.com/Forum/forum_topics.asp?FID=3^PN=2
Parameter: PN=2
Type: String
KWord/ActionURL: dzafz
Vulnerability: COOKIE SQL INJECTION

No.14
ReferURL: http://www.trendystock.com/Forum/search_form.asp^Submit=Go&resultType=posts&AGE=6&searchIn=body&DIR=newer&forumID=0&FID=0&KW=WCRTESTINPUT000000
Parameter: KW=!S!WCRTESTINPUT000000!E!
Type: String
KWord/ActionURL: Server
Vulnerability: POST SQL INJECTION

No.15
ReferURL: http://www.trendystock.com/Forum/search_form.asp?SID=b347ec4af4a7d9ed4d1baf6c829fadcb
Parameter: KW=99999999
Type: String
KWord/ActionURL: http://www.trendystock.com/Forum/search_process.asp^USR=WCRTESTINPUT000001&Submit=Start Search&searchType=allWords&forumID=0&searchIn=body&AGE=0&DIR=newer&OrderBy=LastPost&resultType=posts&KW=99999999
Vulnerability: XPath INJECTION

//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.