DbNinja has Stored Cross-Site Scripting Vulnerability Description
- Author: YUNG-HAO TSENG, Eddie TC CHANG, YU-HSIANG HUANG
- Contact: 0xuhaw@gmail.com; eddietcchang@gmail.com; huang.yuhsiang.phone@gmail.com
Testing Target
- Product:DbNinja
- Version:3.2.7
- Official Website:https://www.dbninja.com/
- Affect:All Version <= 3.2.7
Abstract
We discovered that the Add Host function of the Manage Hosts pages has Stored Cross-site Scripting (XSS) vulnerability in the User Name field. The attackers can insert malicious js, mining js and others.




