Ninja Blog 4.8 CSRF/HTML Injection Vulnerability

ID EDB-ID:7834
Type exploitdb
Reporter Danny Moules
Modified 2009-01-19T00:00:00


Ninja Blog 4.8 (CSRF/HTML Injection) Vulnerability. Webapps exploit for php platform

Version(s): Ninja Blog 4.8 (May also affect earlier versions)
Credit: Danny Moules
Critical: Yes

See PUSH 55 Advisory at


Due to insufficient validation of client-side data, we can inject script directly into the file-based storage used for blog comments.

When making a new comment, we simply fill the "posted" hidden field's value with...


...for an XSS attack OR...


...for a CRSF attack and otherwise submit the comment as usual.

Whenever that comment is viewed, the script is executed.

# [2009-01-19]