SIDU has Stored Cross-Site Scripting (XSS) Vulnerability Description


Testing Target

Abstract

We discovered that the database name is not strictly filtered. An attacker can insert a name containing an XSS payload, which results in a stored XSS vulnerability.

Concept

  1. We download the latest version from the official website and build the default environment.

  2. We log in to the database with the root account.

  3. We create a database whose name contains an XSS payload by entering the statement in the SQL query field and clicking Run.

  • payload: create database <marquee onMouseOver=alert('hippo')>hippo</marquee>;

  4. The XSS payload starts executing.
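
The root cause is that a stored database name is written into the page as HTML. The following added example (not SIDU's code; the function names, the `list.php` URL and the sample names are hypothetical) shows the unescaped rendering beside an output-encoded one in PHP, the language SIDU is written in.

```php
<?php
declare(strict_types=1);

// Constructed sample: names as a server could return them from a database listing.
// The second one is the name created in step 3 above.
$databases = [
    'sales',
    "<marquee onMouseOver=alert('hippo')>hippo</marquee>",
];

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so the browser parses it as an element with an event handler.
function renderDbListUnsafe(array $names): string
{
    $html = "<ul>\n";
    foreach ($names as $name) {
        $html .= '  <li>' . $name . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// styles, so the result is also safe inside a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: the name is URL-encoded for the query string, and every
// value is HTML-encoded at the point where it enters the markup.
function renderDbListSafe(array $names): string
{
    $html = "<ul>\n";
    foreach ($names as $name) {
        $href = 'list.php?db=' . rawurlencode($name); // hypothetical URL
        $html .= '  <li><a href="' . h($href) . '">' . h($name) . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

echo renderDbListUnsafe($databases);
echo renderDbListSafe($databases);

// Check: no raw tag from a stored name survives in the encoded output.
if (strpos(renderDbListSafe($databases), '<marquee') !== false) {
    throw new RuntimeException('stored name reached the page unencoded');
}
```

Encoding at output rather than filtering at insert time also covers names that were already stored before the fix.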