← Advisories

SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities

Medium

Advisory ID

ZSL-2012-5074

Release Date

17 February 2012

Vendor

Calvin Lough - http://www.sqlbuddy.com

Affected Version

1.3.3

CVE

N/A

Tested On

Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, PHP 5.3.9, MySQL 5.5.20

Summary

SQL Buddy is an open source web based MySQL administration application.

Description

SQL Buddy suffers from a XSS vulnerability when parsing user input to the 'DATABASE', 'HOST' and 'USER' parameters via POST method in 'login.php', and the 'db' parameter in 'dboverview.php' via GET method. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept

sqlbuddy_xss.htmlTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://secunia.com/advisories/48013/

[2]http://www.osvdb.org/show/osvdb/79343

[3]http://www.osvdb.org/show/osvdb/79344

[4]http://www.securityfocus.com/bid/52066

[5]http://packetstormsecurity.org/files/109923/SQL-Buddy-1.3.3-Cross-Site-Scripting.html

[6]http://cxsecurity.com/issue/WLB-2012020151

[7]http://xforce.iss.net/xforce/xfdb/73298

Changelog

17.02.2012Initial release

18.02.2012Added reference [5] and [6]

21.02.2012Added reference [7]