Popular Web-Hosting Platform Bluehost Riddled with Flaws
February 12, 2019
A researcher has uncovered several one-click client-side vulnerabilities in the popular Bluehost web hosting platform.
These would allow cybercriminals to easily carry out complete account takeover, according to the analysis.
Without such isolation between origins, malicious code lurking on one website the user has open could easily harvest data from any other website open in the same browser.
Essentially, any website with a Bluehost domain name (e.g., https://my.bluehost.com/) will allow another website with a Bluehost domain name to read its contents.
A second, moderately high-severity flaw would allow account takeover because of improper JSON request validation, opening the door to cross-site request forgery (CSRF).
“This means any website can actually send the request to that specific endpoint cross-origin, and change your details.”
Normally, Bluehost checks whether the referrer domain is bluehost.com; if the request is sent from any other website, Bluehost rejects it with a 500 response.
“This vulnerability allows an attacker to execute commands as the client on bluehost.com – this means the ability to change, modify and add content, including the email address,” the report explained.
Here the problem is not the domain check but the scheme: Bluehost doesn’t verify the scheme/protocol of the origin when allowing CORS to read its contents, so it will honour a request coming from an http:// origin (i.e., one whose traffic is unencrypted).
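The scheme-blind origin check described above, shown beside a hardened version that requires https and an exact host match, as an added example that is not Bluehost's code (the allowlisted hosts are assumed):

```python
from urllib.parse import urlsplit

# Assumed allowlist of first-party hosts; the real Bluehost configuration
# is not known from the article.
ALLOWED_HOSTS = {"my.bluehost.com", "www.bluehost.com"}


def weak_origin_check(origin: str) -> bool:
    """The kind of check the article describes: it looks only at the domain
    suffix and ignores the scheme, so an http:// origin is accepted, as is any
    host that merely ends in the expected string."""
    return origin.endswith("bluehost.com")


def strict_origin_check(origin: str) -> bool:
    """Hardened check: parse the Origin header value, require https, require
    an exact allowlisted host, and reject anything malformed or opaque."""
    if origin == "null":                     # opaque origin (sandboxed/file)
        return False
    parts = urlsplit(origin)
    if parts.scheme != "https":              # the scheme check Bluehost lacked
        return False
    if parts.path or parts.query or parts.fragment or parts.username:
        return False                         # an Origin header is scheme://host[:port] only
    try:
        port = parts.port
    except ValueError:                       # non-numeric port
        return False
    if port not in (None, 443):
        return False
    host = parts.hostname
    return bool(host) and host.lower() in ALLOWED_HOSTS


def cors_headers(request_origin: str) -> dict:
    """Headers to emit for a credentialed cross-origin request: reflect the
    origin only when it passes the strict check, otherwise grant nothing."""
    if not strict_origin_check(request_origin):
        return {}
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",                    # keep caches from reusing the grant
    }
```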