Session Fixation - bluditv3.16.2
Bludit v3.16.2 contains a session fixation vulnerability that an attacker can use to hijack user sessions. Specifically, the session ID is not regenerated after a user logs in, so an attacker may predict or control the session identifier. The issue was reproduced on Debian 12. Users are advised to update to the latest version. 2025-7-8 02:50:48 Author: seclists.org (view original)


Full Disclosure mailing list archives


From: Andrey Stoykov <mwebsec () gmail com>
Date: Sun, 6 Jul 2025 22:47:44 +0100

# Exploit Title:  Session Fixation - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/

Session Fixation #1:

Steps to Reproduce:

Visit the login page. Log in with a valid user and observe that the session ID
has not been changed.


// HTTP POST request logging in

POST /bludit/admin/ HTTP/1.1
Host: 192.168.58.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0
[...]

tokenCSRF=551bee4a6e6d065481ec1d29d9b37335475ae1d0&username=admin&password=password&save=


// HTTP response

HTTP/1.1 301 Moved Permanently
Date: Tue, 03 Jun 2025 20:34:36 GMT
Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3
X-Powered-By: Bludit
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /bludit/admin/dashboard
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
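The capture above shows the defect in one comparison: the session ID presented before login is still the one in use after the 301 to the dashboard. The following is an added example, not code from the advisory or from Bludit, modelling a hypothetical server-side session store with the vulnerable in-place login beside the fixed variant (the PHP equivalent of the fix is `session_regenerate_id(true)` at the point of successful authentication), plus the defender's check applied to a pre-/post-login capture.

```python
# Added example (not from the advisory or the Bludit code base): a minimal,
# hypothetical session store showing why rotating the session ID on login
# closes session fixation. Names and structure are assumptions.
import secrets
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    # sid -> {"user": username or None for an anonymous pre-auth session}
    sessions: dict = field(default_factory=dict)

    def start(self):
        """Issue an anonymous session, as a first GET of the login page would."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def login_vulnerable(self, sid, user):
        """Authenticate in place: the pre-auth ID stays valid and now carries
        the logged-in identity, which is the behaviour the advisory reports."""
        self.sessions[sid]["user"] = user
        return sid

    def login_fixed(self, sid, user):
        """Rotate the ID on privilege change and discard the old one, so an ID
        known before authentication grants nothing afterwards."""
        self.sessions.pop(sid, None)
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = {"user": user}
        return new_sid

    def whoami(self, sid):
        """Resolve a presented session ID to a user, or None if unknown/anonymous."""
        return self.sessions.get(sid, {}).get("user")


def session_fixation_present(pre_login_sid, post_login_sid):
    """Defender's check over a login capture: an unchanged session ID across
    the authentication boundary is the finding; a changed one is expected."""
    return pre_login_sid == post_login_sid


def compare_flows(user="admin"):
    """Run both flows and report whether each exhibits fixation."""
    vuln, fixed = SessionStore(), SessionStore()
    v_pre = vuln.start()
    f_pre = fixed.start()
    v_post = vuln.login_vulnerable(v_pre, user)
    f_post = fixed.login_fixed(f_pre, user)
    return {
        "vulnerable_fixation": session_fixation_present(v_pre, v_post),
        "fixed_fixation": session_fixation_present(f_pre, f_post),
        "old_id_still_authenticates_after_fix": fixed.whoami(f_pre) == user,
    }
```

Running the same comparison against a real target means capturing the session cookie on the login page request and again on the response to the POST; equality across that boundary is the condition the advisory describes.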



Source: https://seclists.org/fulldisclosure/2025/Jul/0