
DBNinja ver 3.2.7 Broken Authentication Vulnerability Description

Testing Target


DBNinja ver 3.2.7 has a broken authentication vulnerability.


The attacker designs a URL with a specific sessid. If the victim browses the URL and then logs into DBNinja, the attacker can log in to DBNinja as the victim by using this sessid.


  1. Design a URL with a specific sessid, and the victim browses the URL.
  2. The victim then logs in with the admin account.
  3. The attacker can then use the victim's permissions to operate DBNinja.
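
The three steps above describe session fixation. The following added example (not DBNinja code and not from the original report) models the flaw and the usual server-side fix in an in-memory session table: refuse identifiers the server did not issue, and rotate the identifier at login. The class `SessionStore`, the function `fixed_id_reaches_account` and the sample sessid are hypothetical names and constructed values; DBNinja's real session handling is not shown on this page.

```python
import secrets

class SessionStore:
    """In-memory model of a server-side session table (hypothetical, not DBNinja code)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}  # sessid -> {"user": name or None}

    def open(self, presented_sessid=None):
        """Handle a request carrying an optional client-supplied sessid."""
        if presented_sessid in self.sessions:
            return presented_sessid
        if presented_sessid and not self.hardened:
            # Flawed behaviour: adopt an identifier the server never issued.
            self.sessions[presented_sessid] = {"user": None}
            return presented_sessid
        # Hardened behaviour: only server-generated identifiers are valid.
        sessid = secrets.token_urlsafe(32)
        self.sessions[sessid] = {"user": None}
        return sessid

    def login(self, sessid, user):
        """Mark the session authenticated; return the sessid to use afterwards."""
        if self.hardened:
            # Rotate on privilege change: drop the pre-login id, issue a new one.
            self.sessions.pop(sessid, None)
            sessid = secrets.token_urlsafe(32)
            self.sessions[sessid] = {"user": None}
        self.sessions[sessid]["user"] = user
        return sessid

    def whoami(self, sessid):
        return self.sessions.get(sessid, {}).get("user")


def fixed_id_reaches_account(hardened, planted="constructed-sessid-123"):
    """Return True if an id chosen before login is authenticated after login."""
    store = SessionStore(hardened)
    victim_sid = store.open(planted)         # step 1: the URL with a fixed sessid is browsed
    store.login(victim_sid, "admin")         # step 2: the victim logs in
    return store.whoami(planted) == "admin"  # step 3: is the planted id authenticated?


if __name__ == "__main__":
    print("flawed  :", fixed_id_reaches_account(hardened=False))
    print("hardened:", fixed_id_reaches_account(hardened=True))
```

Either control alone breaks the sequence in this model; applying both also covers identifiers that were legitimately issued before login and then leaked.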