SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities

Title: SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities
Advisory ID: ZSL-2012-5074
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 17.02.2012
Summary
SQL Buddy is an open-source, web-based MySQL administration application.
Description
SQL Buddy suffers from cross-site scripting (XSS) vulnerabilities when parsing user input passed to the 'DATABASE', 'HOST' and 'USER' parameters via the POST method in 'login.php', and to the 'db' parameter via the GET method in 'dboverview.php'. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.
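A defender-side check for the GET vector described above, as an added example that is not part of the original advisory: it scans web server access-log lines for requests to 'dboverview.php' whose 'db' value contains HTML metacharacters after URL decoding. The Apache combined log format, the /sqlbuddy/ install path, the function name and the sample lines are assumptions constructed for illustration; the POST parameters of 'login.php' are not recorded in standard access logs and are not covered.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Request field of an Apache combined-format log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters needed to leave an HTML text or attribute context.
HTML_META = set('<>"\'')

# Constructed sample lines (documentation addresses, assumed /sqlbuddy/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2012:10:00:01 +0100] "GET /sqlbuddy/dboverview.php?db=shop HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Feb/2012:10:00:07 +0100] "GET /sqlbuddy/dboverview.php?db=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5160',
    '192.0.2.44 - - [17/Feb/2012:10:00:09 +0100] "GET /sqlbuddy/dboverview.php?db=%253Cb%253E HTTP/1.1" 200 5150',
    '192.0.2.10 - - [17/Feb/2012:10:00:12 +0100] "POST /sqlbuddy/login.php HTTP/1.1" 200 2048',
]


def suspicious_db_values(log_lines):
    """Return (line_no, decoded_value) for GET requests to dboverview.php
    whose 'db' parameter carries HTML metacharacters after URL decoding."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match or match.group("method") != "GET":
            continue
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/dboverview.php"):
            continue
        # parse_qs decodes once; a database name has no reason to contain markup.
        for value in parse_qs(url.query, keep_blank_values=True).get("db", []):
            # Decode a second time so double-encoded input is also caught.
            decoded = unquote_plus(value)
            if HTML_META & set(decoded):
                hits.append((line_no, decoded))
    return hits


if __name__ == "__main__":
    for line_no, value in suspicious_db_values(SAMPLE_LOG):
        print(f"line {line_no}: db parameter contains markup: {value!r}")
```

A hit shows only that markup was sent in 'db', not that it was reflected; treat it as a prompt to review the request and the affected session.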
Vendor
Calvin Lough - http://www.sqlbuddy.com
Affected Version
1.3.3
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
PHP 5.3.9
MySQL 5.5.20
Vendor Status
N/A
PoC
sqlbuddy_xss.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://secunia.com/advisories/48013/
[2] http://www.osvdb.org/show/osvdb/79343
[3] http://www.osvdb.org/show/osvdb/79344
[4] http://www.securityfocus.com/bid/52066
[5] http://packetstormsecurity.org/files/109923/SQL-Buddy-1.3.3-Cross-Site-Scripting.html
[6] http://cxsecurity.com/issue/WLB-2012020151
[7] http://xforce.iss.net/xforce/xfdb/73298
Changelog
[17.02.2012] - Initial release
[18.02.2012] - Added reference [5] and [6]
[21.02.2012] - Added reference [7]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk