Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
29 lines (26 sloc) 1.36 KB

DBNinja ver 3.2.7 Reflect Cross-Site Script (R-XSS) Vulnerability Description


Testing Target

Summary

DBNinja ver 3.2.7 exist Reflect Cross-Site Script (R-XSS) and incorrect access control vulnerability.

Description

When \dbninja\_users\admin folder exist tasks.php file, the DBNinja ver 3.2.7 could occur Reflect Cross-Site Script (R-XSS) vulnerability. In order to implement this vulnerability, need to use the data.php file with incorrect access control.

Concept

  1. Build testing environment.
  2. View the source code of \dbninja\_includes\online.php, then observe there used parameter task and file tasks.php.
  3. For exploitation, must create a file tasks.php in folder \dbninja\_users\admin.
  4. In non-login status, use following payload can implement R-XSS vulnerability. In addition to the before-mentioned problem, there is also the problem of incorrect access control in data.php.
    Payload: http://127.0.0.1/dbninja/data.php?online=&task=<script>alert('XSS_TEST')</script>
You can’t perform that action at this time.