[VIM] SQL Buddy 'login.php' Multiple Cross Site Scripting Vulnerabilities
George Theall
gtheall at tenable.com
Tue Jul 15 19:00:57 CDT 2014
Himanshu / Dinesh / Narayan / Venkat / Rob : what exactly are the differences between the BID that was created today for SQL Buddy (68534) and 52066? The former appears to correspond to http://packetstormsecurity.com/files/127454/Sqlbuddy-1.3.2-1.3.3-Cross-Site-Scripting.html and in turn, be a rehash of Zero Science Lab's advisory from over two years ago — http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5074.php ("SQL Buddy suffers from a XSS vulnerability when parsing user input to the 'DATABASE', 'HOST' and 'USER' parameters via POST method in 'login.php'").
George
--
theall at tenable.com