MyWebSQL Stored Cross-Site Scripting Vulnerability Description


Testing Target

  • Product: MyWebSQL
  • Version: 3.7
  • Official Website: http://mywebsql.net/
  • Affected: All versions <= 3.7

Abstract

We discovered that the Add User function on the User Manager page has a stored cross-site scripting (XSS) vulnerability in the User Name field. An attacker can insert malicious JavaScript, cryptomining JavaScript, and other scripts.

Concept

  1. We downloaded the latest version from the official website and built the default environment.

  2. Sign in to your own database account and click Tools -> User Manager.

  3. Click the Add User function.

  4. Insert the XSS payload in the User Name field and click the Add User button.

  • <img src=a onerror=alert(100)>

  5. Return to the login page and log in as the payload user.

  6. The simple payload executes successfully.
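
The steps above work because a stored user name is written back into the page without encoding. The following is an added example, not MyWebSQL's own code: the function names are hypothetical, and it goes beyond the single case on the page to cover the three output contexts where a stored user name commonly ends up (element text, attribute value, inline script).

```php
<?php
// Added illustration; function names are hypothetical, not MyWebSQL source.

// Vulnerable pattern: the stored user name is concatenated into markup as-is.
function render_user_unsafe(string $userName): string
{
    return '<li class="user">' . $userName . '</li>';
}

// Encode for HTML text and quoted attribute values at output time.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened: element text context.
function render_user_text(string $userName): string
{
    return '<li class="user">' . html_encode($userName) . '</li>';
}

// Hardened: quoted attribute context (e.g. a pre-filled form field).
function render_user_attr(string $userName): string
{
    return '<input type="text" name="username" value="' . html_encode($userName) . '">';
}

// Hardened: inline script context. HTML encoding is wrong here; emit a JSON
// string literal and hex-escape <, >, &, ' and " so it cannot close the tag.
function render_user_script(string $userName): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return '<script>var currentUser = ' . json_encode($userName, $flags) . ';</script>';
}

// The user name stored in step 4 above.
$stored = '<img src=a onerror=alert(100)>';

foreach (['render_user_unsafe', 'render_user_text', 'render_user_attr', 'render_user_script'] as $fn) {
    printf("%-20s %s\n", $fn, $fn($stored));
}
```

Encoding at output time rather than filtering at Add User time matters here because the user name is a database account name, so the stored value has to stay intact for login.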