SQL Buddy version 1.3.3 suffers from a cross site scripting vulnerability.
095875585ce631e64d373c32b8720f8e6015352923ad899af5491bf668b70e5d
Security Advisory - Curesec Research Team
1. Introduction
Affected Product: SQL Buddy 1.3.3
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: nom@deliciousbrains.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 08/18/2015
Disclosed to public: 10/07/2015
Release mode: Full Disclosure
CVE: n/a
Credits Tim Coen of Curesec GmbH
2. Vulnerability Description
There is an XSS vulnerability via the "requestKey" GET parameter in SQL Buddy
1.3.3. With this, it is possible to steal cookies or inject JavaScript
keyloggers.
Please note that the POC only works if the victim is not logged in.
3. Proof of Concept
http://localhost/sqlbuddy/index.php?ajaxRequest=1&requestKey="></script><script>alert(1)</script>
4. Solution
This issue was not fixed by the vendor.
5. Report Timeline
08/18/2015 Informed Vendor about Issue (no reply)
09/16/2015 Reminded Vendor of release date (no reply)
10/07/2015 Disclosed to public
Blog Reference:
http://blog.curesec.com/article/blog/SQL-Buddy-133-XSS-60.html