[VIM] SQL Buddy 'login.php' Multiple Cross Site Scripting Vulnerabilities

Himanshu Mehta Himanshu_Mehta at symantec.com
Wed Jul 23 08:54:22 CDT 2014


Hi,

It was reported again recently by a different reporter, and the reference was also missing for the old report. BID: 68534 is retired as a duplicate of BID: 52066.

Thanks,
Himanshu

-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George Theall
Sent: Wednesday, July 16, 2014 5:31 AM
To: Vulnerability Information Managers
Subject: [VIM] SQL Buddy 'login.php' Multiple Cross Site Scripting Vulnerabilities

Himanshu / Dinesh / Narayan / Venkat / Rob: what exactly are the differences between the BID that was created today for SQL Buddy (68534) and 52066? The former appears to correspond to http://packetstormsecurity.com/files/127454/Sqlbuddy-1.3.2-1.3.3-Cross-Site-Scripting.html and in turn, be a rehash of Zero Science Lab's advisory from over two years ago - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5074.php ("SQL Buddy suffers from a XSS vulnerability when parsing user input to the 'DATABASE', 'HOST' and 'USER' parameters via POST method in 'login.php'").


George
-- 
theall at tenable.com


