Bludit CSRF Remote Command Execution

From CSRF to server takeover

September 23, 2016

Is CSRF so critical?

Yesterday, while I was auditing my own blog in order to fix all possible bugs, I discovered a trivial but effective vulnerability affecting the last version of Bludit CMS. The bug was a CSRF due to the absence of a token to validate some requests. Usually this kind of vulnerability is considered "not critical" because of its nature, since user interaction is required. CSRF may lead to different vulnerabilities such as:

  • Cross Site Scripting
  • Internal File Disclosure
  • Information Leak
  • SQL Injection