XSS Vulnerability in SQL Buddy
Advisory by Netsparker (now Invicti)
Name: XSS Vulnerabilities in SQL Buddy
Software: SQL Buddy v1.3.3 and possibly below.
Vendor Homepage: http://sqlbuddy.com/
Vulnerability Type: Cross-site Scripting
Researcher: Omar Kurt
Advisory Reference: NS-14-019
SQL Buddy – Web-based MySQL administration
SQL Buddy is affected by XSS vulnerabilities in version 1.3.3.
Example PoC URLs are as follows:
- Cross-site Scripting
22/04/2014 – First Contact
05/06/2014 – Advisory Released
The vulnerabilities were discovered during testing of the Invicti Web Application Security Scanner.
Invicti can find and report security issues such as SQL Injection and Cross-site Scripting (XSS) in all web applications regardless of the platform and the technology they are built on.