Affected Vendor:
www.topnew.net/sidu/
Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org
Source:
http://hyp3rlinx.altervista.org/advisories/AS-SIDU0513.txt
Product:
Sidu version 5.2 is a web-based database front-end administration tool.
Sidu 5.2 is vulnerable to cross-site scripting (XSS) attacks.
May 12, 2015: Vendor Notification
May 13, 2015: Public Disclosure
Severity Level:
High
Request Method(s):
[+] GET
Vulnerable Product:
[+] Sidu 5.2
Vulnerable Parameter(s):
[+] sql=[XSS]
Affected Area(s):
[+] Admin of currently logged in user.
==============================
(hyp3rlinx)
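
One way to look for attempts against the sql GET parameter in web server access logs. This is an added example, not part of the original advisory or of Sidu's code, and it goes slightly beyond the advisory by also undoing nested percent-encoding. The combined log format, the path /sidu/page.php, the client addresses and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Common/combined access-log prefix: client, timestamp, request line.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)'
)
# "<" directly followed by a letter, "/" or "!" is how HTML opens a tag,
# closing tag or comment. A spaced SQL comparison ("age < 30") does not match;
# an unspaced one ("a<b") does, since a browser would read it as a tag too.
MARKUP = re.compile(r"<[/!]?[a-z]", re.IGNORECASE)


def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so that %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (client, timestamp, decoded sql value) for each GET request
    whose sql parameter contains HTML markup."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] != "GET":
            continue
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for raw in params.get("sql", []):
            value = decode_fully(raw)
            if MARKUP.search(value):
                hits.append((m["ip"], m["ts"], value))
    return hits


# Constructed sample lines; /sidu/page.php is a placeholder path.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/May/2015:10:02:11 +0000] "GET /sidu/page.php?sql=SELECT+*+FROM+users+WHERE+age+%3C+30 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [13/May/2015:10:03:40 +0000] "GET /sidu/page.php?sql=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4801',
    '203.0.113.10 - - [13/May/2015:10:04:02 +0000] "GET /sidu/page.php?sql=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 4790',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because the sql parameter legitimately carries SQL text, hits are leads for review rather than proof; the durable fix is HTML-encoding the parameter wherever the application writes it back into a page.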