DbNinja has Stored Cross-Site Scripting Vulnerability Description


Testing Target

Abstract

We discovered that the Add Host function of the Manage Hosts page has a Stored Cross-Site Scripting (XSS) vulnerability in the User Name field. An attacker can insert malicious JavaScript, mining scripts and other code.

Concept

  1. We downloaded the latest version from the official website and built the default environment.

  2. Sign in to your own database account and click Manage Hosts.

  3. Click Add Hosts and insert the XSS payload in the User Name field. Finally, click the Save button.

  • <img src=a onerror=alert(1)>

  4. Now double-click the new_host_1 icon and the sample XSS is executed successfully.
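
The fix for this class of bug is to encode the stored User Name at the point where it is written into the page. The following is an added example, not DbNinja source code: the record layout and the function names (`renderHostUnsafe`, `renderHostSafe`, `findSuspiciousFields`) are hypothetical, and the host record is constructed from the values used in the steps above.

```javascript
// Added illustration; not DbNinja source code. All names are hypothetical.

// Constructed sample: a saved host record whose User Name holds the
// payload from step 3.
const storedHost = {
  name: "new_host_1",
  userName: "<img src=a onerror=alert(1)>",
};

// Characters that are significant in HTML text and quoted attributes.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged,
// so the browser parses it as an element when the host view is opened.
function renderHostUnsafe(host) {
  return `<div class="host"><span class="user">${host.userName}</span></div>`;
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderHostSafe(host) {
  return `<div class="host" title="${escapeHtml(host.name)}">` +
    `<span class="user">${escapeHtml(host.userName)}</span></div>`;
}

// Audit helper: list the fields of an already stored record that contain
// markup characters, for reviewing existing host entries after a fix.
function findSuspiciousFields(host) {
  return Object.entries(host)
    .filter(([, value]) => /[<>]/.test(String(value)))
    .map(([key]) => key);
}

console.log(renderHostUnsafe(storedHost));
console.log(renderHostSafe(storedHost));
console.log(findSuspiciousFields(storedHost));
```

Encoding on output covers records saved before the fix as well, which input filtering alone does not.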