Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

DBNinja ver 3.2.7 Reflect Cross-Site Script (R-XSS) Vulnerability Description


Testing Target

Summary

DBNinja ver 3.2.7 exist Reflect Cross-Site Script (R-XSS) and incorrect access control vulnerability.

Description

When \dbninja\_users\admin folder exist tasks.php file, the DBNinja ver 3.2.7 could occur Reflect Cross-Site Script (R-XSS) vulnerability. In order to implement this vulnerability, need to use the data.php file with incorrect access control.

Concept

  1. Build testing environment.
  2. View the source code of \dbninja\_includes\online.php, then observe there used parameter task and file tasks.php.
  3. For exploitation, must create a file tasks.php in folder \dbninja\_users\admin.
  4. In non-login status, use following payload can implement R-XSS vulnerability. In addition to the before-mentioned problem, there is also the problem of incorrect access control in data.php.
    Payload: http://127.0.0.1/dbninja/data.php?online=&task=<script>alert('XSS_TEST')</script>