Cross-Site Request Forgery (CSRF) in publify/publify
Oct 9th 2021
An attacker can craft a URL with special parameters that contain the theme-switching command. When a logged-in administrator opens the malicious link, the theme is changed.
Proof of Concept
With an admin user, simply open the following URL (please replace the hostname):
Within the default installation, there are 2 themes:
Simply replace the value with the theme name, and the selected theme will be activated.
When an administrator receives a link that changes the site's theme, this can lead to bricking the site because, in the case of more complex themes, the mapping might not work properly.
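The request pattern described in this report, as an added example that is not Publify's code: a framework-free Ruby sketch of a theme-switch handler that changes state on a GET, beside a hardened handler that requires POST, a per-session token and a known theme name. The handler names, theme names and status codes are assumptions made for illustration.

```ruby
require "securerandom"

# Constructed theme names for illustration; not Publify's actual themes.
INSTALLED_THEMES = %w[theme_a theme_b].freeze
Session = Struct.new(:admin, :csrf_token)
Site = Struct.new(:active_theme)

# Vulnerable shape (hypothetical handler): the state change happens on any
# request method and is authorised only by the admin session, which the
# browser attaches automatically when a link is followed.
def switch_theme_vulnerable(site, session, _method, params)
  return [403, "forbidden"] unless session.admin
  site.active_theme = params["theme"]
  [302, "theme switched"]
end

# Constant-time comparison so the token check does not leak a matching prefix.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hardened shape (hypothetical handler): no state change on GET, a per-session
# token that a cross-site page cannot read, and an allow-list of theme names.
def switch_theme_hardened(site, session, method, params)
  return [403, "forbidden"] unless session.admin
  return [405, "method not allowed"] unless method == "POST"
  token = params["authenticity_token"].to_s
  return [422, "invalid CSRF token"] unless secure_compare(token, session.csrf_token)
  theme = params["theme"].to_s
  return [404, "unknown theme"] unless INSTALLED_THEMES.include?(theme)
  site.active_theme = theme
  [303, "theme switched"]
end

if __FILE__ == $PROGRAM_NAME
  session = Session.new(true, SecureRandom.hex(16))
  site = Site.new("theme_a")
  forged = { "theme" => "theme_b" } # parameters a cross-site link can supply
  p switch_theme_vulnerable(site, session, "GET", forged)
  p switch_theme_hardened(site, session, "GET", forged)
  p switch_theme_hardened(site, session, "POST", forged)
end
```

In a Rails application the same effect comes from routing the action to a non-GET verb and leaving `protect_from_forgery` enabled for the controller.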