
DBNinja ver 3.2.7 Broken Authentication Vulnerability Description


Testing Target

Summary

DBNinja ver 3.2.7 contains a broken authentication vulnerability.

Description

The attacker crafts a URL containing a specific sessid. If the victim browses the URL and then logs into DBNinja, the attacker can log in to DBNinja as the victim by using this sessid.

Concept

  1. Design a URL with a specific sessid and have the victim browse it.
    Payload: http://127.0.0.1/dbninja/data.php?sessid=exploittest&action=ver
  2. The victim then logs in with the admin account.
  3. The attacker can then operate DBNinja with the victim's permissions.
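
The mitigation for the flow above, as an added example that is not part of the original advisory and is not DBNinja's code: a small Python model of a session table showing that either refusing session ids the server never issued or rotating the id at login leaves the planted `sessid` unauthenticated. `SessionStore`, its two flags and `identity_behind_planted_id` are hypothetical names chosen for illustration.

```python
import secrets


class SessionStore:
    """Toy server-side session table (hypothetical model, not DBNinja code)."""

    def __init__(self, strict_ids, rotate_on_login):
        self.strict_ids = strict_ids            # ignore ids the server never issued
        self.rotate_on_login = rotate_on_login  # new id once the user authenticates
        self.sessions = {}                      # session id -> logged-in user or None

    def _issue(self, user=None):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def open(self, client_sessid=None):
        """Pre-login request: return the session id the server will use."""
        if client_sessid in self.sessions:
            return client_sessid
        if client_sessid and not self.strict_ids:
            # Flawed behaviour: a caller-chosen id is adopted as a new session.
            self.sessions[client_sessid] = None
            return client_sessid
        return self._issue()

    def login(self, sid, user):
        """Mark the session authenticated and return the id valid afterwards."""
        if self.rotate_on_login:
            self.sessions.pop(sid, None)  # the pre-login id stops working
            return self._issue(user)
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def identity_behind_planted_id(strict_ids, rotate_on_login, planted="exploittest"):
    """Who does the server see when the planted id is presented after login?"""
    store = SessionStore(strict_ids, rotate_on_login)
    sid = store.open(planted)        # victim follows the link carrying the id
    store.login(sid, "admin")        # victim then logs in
    return store.whoami(planted)
```

With both flags off the planted id resolves to the admin session; with either flag on it resolves to nothing.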