Block shuffling
Because ECB mode encrypts identical plaintext blocks to identical ciphertext blocks, the attacker can replace a ciphertext block with a known ciphertext block of their choice and the resulting plaintext block will be substituted with their desired block as well.
To carry out this attack, the attacker needs to have the ability to observe or manipulate ciphertext blocks in the communication channel.
Exploitation
Let's take the following code :
The user can forge arbitrary block into the username parameter :
Last updated