Bolt CMS 3.2.14 Vulnerabilities: XSS through SVG File Upload and Stored XSS
This post is about vulnerabilities which I found in Bolt CMS; the PoCs were created on the Windows 10 platform.
# Exploit Title : Bolt CMS v3.2.14
# Exploit Author : Pranav Jagtap
# Tested On : Windows 10 64 Bit
# LinkedIn : iampranavjagtap
# Twitter : pranavH4x0r
XSS through SVG File Upload Vulnerability:
Authentication : Required
Description:
The CMS allows SVG files to be uploaded without checking their content. If we upload an SVG file
containing JavaScript code, the CMS fails to check its content. The
"Content-Type: image/svg+xml" header makes this attack work, as the CMS
does not recognize that the uploaded SVG file has JS content.
POC VIDEO
==============================================================
Stored XSS Vulnerability:
Authentication : Required
Description:
Bolt CMS does not properly validate and sanitize user input. By taking advantage of this loophole, an attacker is able to insert malicious JavaScript and store it permanently in the website.
Please check out the video for more info.
POC VIDEO
Note: The vendor of this CMS has not accepted these vulnerabilities.