
backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability

Severity: Low
Advisory ID: ZSL-2012-5089
Release Date: 16 May 2012
Vendor:
Affected Version: 1.2.7a-201108021626
Tested On: Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, PHP 5.3.8, MySQL 5.5.20
Summary

backupDB() is a PHP script that backs up MySQL tables and databases to a file (uncompressed, gzip, bzip2) for easy daily backup.

Description

backupDB is prone to a cross-site scripting vulnerability because the 'backupDB.php' script fails to properly sanitize user-supplied input to its 'onlyDB' parameter before echoing it back in the response. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
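
The following is an added illustration, not backupDB()'s own source: a reflected pattern of the kind the advisory describes for the 'onlyDB' parameter, shown beside a hardened version that validates the value against an identifier allow-list and HTML-encodes it at output time. The function names and the sample request are assumptions constructed for this example.

```php
<?php
// Added example (not backupDB()'s code): reflected-XSS pattern vs. hardened form.
// Function names are hypothetical; the real script's source is not reproduced.

// Vulnerable pattern: the request parameter is concatenated straight into the
// HTML response, so any markup it carries is rendered by the browser.
function renderVulnerable(array $get): string
{
    $onlyDB = $get['onlyDB'] ?? '';
    return '<p>Backing up database: ' . $onlyDB . '</p>';
}

// Hardened pattern: reject anything that cannot be a MySQL database name
// (allow-list validation), then encode for the HTML context on output.
function renderHardened(array $get): string
{
    $onlyDB = $get['onlyDB'] ?? '';
    // Unquoted MySQL identifiers: letters, digits, '_' and '$', at most 64 chars.
    if ($onlyDB !== '' && !preg_match('/^[A-Za-z0-9_$]{1,64}$/', $onlyDB)) {
        return '<p>Invalid database name.</p>';
    }
    // Output encoding is the actual XSS fix; validation narrows the input first.
    $safe = htmlspecialchars($onlyDB, ENT_QUOTES, 'UTF-8');
    return '<p>Backing up database: ' . $safe . '</p>';
}

// Constructed sample input: markup where a database name is expected.
$sample = ['onlyDB' => '<b>not_a_db_name</b>'];

echo renderVulnerable($sample), PHP_EOL; // markup reaches the browser unchanged
echo renderHardened($sample), PHP_EOL;   // rejected; nothing is reflected

// A legitimate name passes validation and is still encoded on output.
echo renderHardened(['onlyDB' => 'shop_prod']), PHP_EOL;
```

Detection on the server side follows the same rule: log and alert on 'onlyDB' values that fail the identifier pattern, since a legitimate backup request never carries angle brackets or quotes in that parameter.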

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
16.05.2012 - Initial release
18.05.2012 - Added reference [2], [3] and [4]
20.05.2012 - Added reference [5]
30.05.2012 - Added reference [6] and [7]