| Title | ibwebadmin <= 1.0.2 Cross Site Scripting |
|---|
| Description | A reflected cross-site scripting (XSS) vulnerability was identified in the "ibwebadmin" database management application version 1.0.2 and earlier. This vulnerability occurs due to improper sanitization of the "db_login_role" parameter, which is sent via POST request and embedded directly into the page’s source code. As a result, an attacker could inject malicious JavaScript code into the page, breaking the application’s intended syntax and potentially allowing for unauthorized actions or data access.
By using Google Dorks, it is possible to find several applications exposed that utilize the system for Firebird database administration, including some hosting providers, such as "Kinghost":
"http://firebird.kinghost.com.br/"
"http://firebirdadmin.infonet.com.br/" |
|---|
| Source | ⚠️ https://docs.google.com/document/d/1_kk14QhqJuqMGzAD_SUlOSvCGwYdeF4gI8m7mVTPBAQ/edit?usp=sharing |
|---|
| User | gabriel (UID 72007) |
|---|
| Submission | 11/06/2024 17:57 (2 years ago) |
|---|
| Moderation | 11/15/2024 08:14 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 284675 [IBPhoenix ibWebAdmin up to 1.0.2 Banco de Dados Tab /database.php db_login_role cross site scripting] |
|---|
| Points | 20 |
|---|