
Bolt CMS < 3.6.2 - CROSS-SITE SCRIPTING VULNERABILITY


Proof of Concept


Bolt CMS versions before 3.6.2 allow cross-site scripting through a text input combined with the preview button: the attacker enters a script payload in a text field, as demonstrated with the Title field of a Configured Entry or a New Entry, and clicks Preview; the submitted value is reflected into the preview without proper output encoding and executes in the browser.

CVE: CVE-2018-19933


What is XSS:

Reflected Cross-site Scripting (XSS) occurs when an attacker injects browser-executable code that is returned within a single HTTP response. The injected payload is not stored within the application itself; it is non-persistent and only affects users who open a maliciously crafted link, submit a crafted form, or visit a third-party web page that triggers the request. The attack string is included in the crafted URL or HTTP parameters, improperly processed by the application, and returned to the victim's browser, where it runs in the context of the vulnerable site.
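The following is an added illustrative example, not code from Bolt CMS or from the original post: a minimal preview handler that reflects a submitted title field into the HTML response, first in the vulnerable form (raw string concatenation) and then with context-appropriate HTML encoding, plus a crude check for whether an event-handler payload survives into the output. The `PAYLOAD` string and the `renderPreview*` function names are constructed for the example.

```javascript
// Constructed payload: breaks out of an attribute/text context and plants an
// event handler, the usual probe for reflected XSS in a preview feature.
const PAYLOAD = '"><img src=x onerror=alert(document.domain)>';

// Vulnerable pattern: the user-supplied title is concatenated straight into
// the response body, so markup in it becomes part of the page.
function renderPreviewUnsafe(fields) {
  return `<h1 class="preview-title">${fields.title}</h1>`;
}

// Encodes the five characters that are significant in HTML text and
// double/single-quoted attribute values.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
  };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: every untrusted value is encoded for the context in which
// it is emitted, so the payload is displayed as text instead of being parsed.
function renderPreviewSafe(fields) {
  return `<h1 class="preview-title">${escapeHtml(fields.title)}</h1>`;
}

// Crude PoC-style detector: does the rendered HTML contain an element with an
// on* event handler attribute? Good enough to flag this reflected payload;
// it is not a general-purpose XSS scanner.
function reflectsActiveMarkup(html) {
  return /<\w+[^>]*\son\w+\s*=/i.test(html);
}

// Stand-alone demonstration of both paths with the constructed payload.
function demo() {
  const unsafe = renderPreviewUnsafe({ title: PAYLOAD });
  const safe = renderPreviewSafe({ title: PAYLOAD });
  return {
    unsafe,
    safe,
    unsafeIsVulnerable: reflectsActiveMarkup(unsafe), // true
    safeIsVulnerable: reflectsActiveMarkup(safe),     // false
  };
}

console.log(demo());
```

In a Twig-based application such as Bolt, the equivalent of `escapeHtml` is Twig's autoescaping; the general rule is to keep it enabled and never apply the `|raw` filter to user-controlled values, whichever template or preview code path renders them.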


Proof of Concept Video


Screenshots

Source: https://github.com/rdincel1/Bolt-CMS-3.6.2—Cross-Site-Scripting 
