
DBNinja ver 3.2.7 Broken Authentication Vulnerability Description


Testing Target

Summary

DBNinja ver 3.2.7 has a broken authentication vulnerability.

Description

The attacker crafts a URL containing a specific sessid. If the victim browses the URL and then logs in to DBNinja, the attacker can log in to DBNinja as the victim by using this sessid.

Concept

  1. Craft a URL with a specific sessid and have the victim browse it.
    Payload: http://127.0.0.1/dbninja/data.php?sessid=exploittest&action=ver
  2. The victim then logs in with the admin account.
  3. The attacker can then operate DBNinja with the victim's permissions.
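
The usual fix for this pattern, shown as an added example that is not DBNinja's code: never adopt a session id supplied in the request, and issue a fresh id at login. It assumes PHP's native session handling; the `$users` table, its password, the `user`/`pass` form fields and `login()` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Accept session ids only from the cookie, and only ids this server issued.
ini_set('session.use_only_cookies', '1'); // ignore ids in the query string
ini_set('session.use_trans_sid', '0');    // never append the id to links
ini_set('session.use_strict_mode', '1');  // replace ids the server never created

// Assumption: like the payload above, a client might pass "sessid" itself.
// A hardened app treats that as an error instead of adopting the value.
if (isset($_GET['sessid']) || isset($_POST['sessid'])) {
    http_response_code(400);
    exit('session id must not be supplied by the client');
}

session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
    'secure'   => !empty($_SERVER['HTTPS']),
]);
session_start();

// Constructed sample account (hypothetical, for illustration only).
$users = ['admin' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

function login(array $users, string $user, string $password): bool
{
    $hash = $users[$user] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // Core fix: the pre-login id (possibly chosen by someone else) is
    // discarded, so it never becomes an authenticated session.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    return true;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // filter_input yields false/null for missing or array values, cast to ''.
    $ok = login($users, (string) filter_input(INPUT_POST, 'user'),
                (string) filter_input(INPUT_POST, 'pass'));
    http_response_code($ok ? 200 : 401);
    echo $ok ? 'logged in' : 'invalid credentials';
}
```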