Sqlbuddy Path Traversal Vulnerability

Posted by John Page on May 10

Read arbitrary server files:

Affected Vendor:
www.sqlbuddy.com

Credits: John Page (hyp3rlinx)
Domains: hyp3rlinx.altervista.org

Source:
http://hyp3rlinx.altervista.org/advisories/AS-SQLBUDDY0508.txt

Product:
sqlbuddy version 1.3.3
SQL Buddy is an open source, web-based MySQL administration application.

Advisory Information:
==============================
sqlbuddy suffers from directory traversal whereby a user can move about
directories an…
