[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYSQLADMINISTRADOR-0904.txt

Vendor:
================================
JSPMySQL Administrador
https://sites.google.com/site/mfpledon/producao-de-software

Product:
================================
JSPMySQL Administrador v.1 is a remote administration tool for MySQL databases hosted on a web server, built with JSP technology.

Vulnerability Type:
===================
CSRF & XSS

CVE Reference:
==============
N/A

Vulnerability Details:
=====================
1) No CSRF token exists, allowing remote attackers to run arbitrary SQL commands on the MySQL database.

2) An XSS entry point exists on the listaBD2.jsp web page, opening up the application to client-side browser code execution.

In either case get the victim to visit our malicious webpage or click on our malicious link, then KABOOOOOOOOOOOOOOOOOOOOOOM!!!

Exploit code(s):
===============
1- CSRF to drop the default MySQL database on the remote server:
----------------------------------------------------------------
JSP-MYSQL-ADMIN-CSRF
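The root cause of finding 1 is the absence of a synchronizer token on state-changing requests; finding 2 is unescaped output on listaBD2.jsp. The following servlet filter is an added example of the missing control, written for this advisory and not taken from the vendor's code or from the advisory itself. The session attribute and form field name `csrfToken`, the `Filter` registration and the `htmlEscape` helper are assumptions about how a fix would be wired into a JSP application.

```java
// Added example (not part of the advisory or the vendor's code): a servlet Filter
// implementing the synchronizer token pattern, which is the control whose absence
// the advisory reports, plus a small output-encoding helper for the XSS side.
// Attribute/parameter names are assumptions for illustration.
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;

public class CsrfTokenFilter implements Filter {
    private static final String SESSION_KEY = "csrfToken";   // assumed session attribute
    private static final String PARAM_NAME  = "csrfToken";   // assumed hidden form field
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns the per-session token, minting a 256-bit random one on first use. */
    public static String tokenFor(HttpSession session) {
        synchronized (session) {
            String t = (String) session.getAttribute(SESSION_KEY);
            if (t == null) {
                byte[] raw = new byte[32];
                RNG.nextBytes(raw);
                t = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
                session.setAttribute(SESSION_KEY, t);
            }
            return t;
        }
    }

    /** Constant-time comparison so the check does not leak token bytes via timing. */
    static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null || a.length() != b.length()) return false;
        int diff = 0;
        for (int i = 0; i < a.length(); i++) diff |= a.charAt(i) ^ b.charAt(i);
        return diff == 0;
    }

    @Override
    public void init(FilterConfig cfg) { }

    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;

        // Only state-changing methods need the token; GET/HEAD merely render pages.
        String m = http.getMethod();
        boolean mutating = !"GET".equals(m) && !"HEAD".equals(m) && !"OPTIONS".equals(m);
        if (mutating) {
            HttpSession session = http.getSession(false);
            String expected = session == null ? null : (String) session.getAttribute(SESSION_KEY);
            String supplied = http.getParameter(PARAM_NAME);
            // A cross-site form post cannot read the victim's session token, so it fails here.
            if (!constantTimeEquals(expected, supplied)) {
                out.sendError(HttpServletResponse.SC_FORBIDDEN, "missing or invalid CSRF token");
                return;
            }
        }
        chain.doFilter(req, res);
    }

    /** Minimal HTML entity encoding for request values echoed back into a page. */
    public static String htmlEscape(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

To use it, map the filter to the JSPs that issue SQL (a `<filter-mapping>` in web.xml), emit the token in every form as a hidden field, for example `<input type="hidden" name="csrfToken" value="<%= CsrfTokenFilter.htmlEscape(CsrfTokenFilter.tokenFor(session)) %>">`, and route every SQL-executing action through POST so the filter actually sees it. Any value taken from the request and written into listaBD2.jsp should pass through `htmlEscape` (or the JSTL `fn:escapeXml` / `c:out` equivalents) before reaching the HTML. Marking the session cookie `SameSite=Lax` or `Strict` is a useful second layer but does not replace the token.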