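Vulnerability Title: Session Fixation - bluditv3.16.2
Date: July 2025
Vulnerability Author: Andrey Stoykov
Version: 3.16.2
Tested on: Debian 12
Blog: https://msecureltd.blogspot.com/
Session Fixation #1:
Steps to Reproduce:
Visit the login page. Log in with a valid user and observe that the session ID is not changed.
// HTTP POST request for the login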
POST /bludit/admin/ HTTP/1.1
Host: 192.168.58.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0
[…]

tokenCSRF=551bee4a6e6d065481ec1d29d9b37335475ae1d0&username=admin&password=password&save=
// HTTP response
HTTP/1.1 301 Moved Permanently
Date: Tue, 03 Jun 2025 20:34:36 GMT
Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/5.6.40 mod_perl/2.0.8-dev Perl/v5.16.3
X-Powered-By: Bludit
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /bludit/admin/dashboard
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
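
The login response shown above carries no Set-Cookie header, so the pre-login session ID stays valid after authentication. The following check is an added example, not part of the original advisory or Bludit's code: it takes a captured login request/response pair and reports whether the session ID was rotated, which can serve as a regression test once a fix is deployed. The cookie name SESSID and its values are constructed placeholders, because the advisory elides the request's Cookie header.

```python
from http.cookies import SimpleCookie

def cookie_value(raw_message, header, cookie_name):
    """Return the named cookie's value from `header` lines of a raw HTTP message head."""
    head = raw_message.replace("\r\n", "\n").split("\n\n", 1)[0]
    found = None
    for line in head.split("\n")[1:]:          # skip the request/status line
        name, _, value = line.partition(":")
        if name.strip().lower() != header:
            continue
        jar = SimpleCookie()
        jar.load(value.strip())
        if cookie_name in jar:
            found = jar[cookie_name].value     # last occurrence wins
    return found

def session_rotated(request, response, cookie_name):
    """True only if the login response issues a session ID different from the one sent."""
    sent = cookie_value(request, "cookie", cookie_name)
    issued = cookie_value(response, "set-cookie", cookie_name)
    return issued is not None and issued != sent

# Constructed samples modelled on the exchange above. SESSID and both values
# are placeholders (assumption), not the application's real cookie.
LOGIN_REQUEST = (
    "POST /bludit/admin/ HTTP/1.1\r\n"
    "Host: 192.168.58.133\r\n"
    "Cookie: SESSID=preloginvalue0001\r\n\r\n"
    "username=admin&password=password&save="
)
# Same shape as the reported response: redirect to the dashboard, no Set-Cookie.
RESPONSE_AS_REPORTED = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: /bludit/admin/dashboard\r\n"
    "Content-Length: 0\r\n\r\n"
)
# What a response looks like when the session ID is regenerated at login.
RESPONSE_ROTATED = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Set-Cookie: SESSID=postloginvalue0002; path=/; HttpOnly\r\n"
    "Location: /bludit/admin/dashboard\r\n\r\n"
)

if __name__ == "__main__":
    for label, resp in (("reported", RESPONSE_AS_REPORTED), ("rotated", RESPONSE_ROTATED)):
        ok = session_rotated(LOGIN_REQUEST, resp, "SESSID")
        print(f"{label}: {'session ID rotated' if ok else 'session ID NOT rotated'}")
```
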
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/