Insufficient Validation of Client-side Data in Ninja Blog

vendor:

Ninja Blog

by:

Danny Moules

CVSS

CRITICAL

Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF)

CWE

Product Name: Ninja Blog

Affected Version From: Ninja Blog 4.8

Affected Version To: May also affect earlier versions

Patch Exists: NO

Related CWE:

CPE: a:ninjadesigns:ninja_blog:4.8

Metasploit:

Other Scripts:

Platforms Tested:

2009

Insufficient Validation of Client-side Data in Ninja Blog

Due to insufficient validation of client-side data, an attacker can inject scripts directly into the file-based storage used for blog comments. This allows for XSS attacks where a malicious script is executed when the comment is viewed, or CSRF attacks where the user is redirected to a malicious website and performs unintended actions.

Mitigation:

To mitigate this vulnerability, the vendor should implement proper validation and sanitization of client-side data before storing it. Additionally, users should be educated about the risks of executing scripts from untrusted sources and should avoid clicking on suspicious links.

Source

Exploit-DB raw data:

Vendor: http://ninjadesigns.co.uk
Version(s): Ninja Blog 4.8 (May also affect earlier versions)
Credit: Danny Moules
Critical: Yes

See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7

----

Due to insufficient validation of client-side data, we can inject script directly into the file-based storage used for blog comments.

When making a new comment, we simply fill the "posted" hidden field's value with...

<script>alert('xss');<script>"

...for an XSS attack OR...

<script>window.location="http://bank.example/withdraw?account=bob&amount=1000000&for=mallory"</script>

...for a CRSF attack and otherwise submit the comment as usual.

Whenever that comment is viewed, the script is executed.

# milw0rm.com [2009-01-19]