Bolt CMS 3.2.14 Vulnerabilities: XSS through SVG File
Upload and Stored XSS.
This post is about vulnerabilities which I found in Bolt CMS and POC's are created under Windows 10 platform.
# Exploit Title : Bolt CMS v3.2.14
# Exploit Author : Pranav Jagtap
# Tested On : Windows 10 64 Bit
# LinkedIn : iampranavjagtap
# Twitter :pranavH4x0r
XSS through SVG File Upload Vulnerability:
Authentication : Required
Description:
CMS allows upload of SVG file without checking the content of it.So If we upload SVG file
containing JavaScript code in it then the CMS fails to check the content of it
because the "Content-Type: image/svg+xml" header will make this attack
works as it fails to recognize that uploaded SVG file has JS contents.
POC VIDEO
==============================================================
Stored XSS Vulnerability:
Authentication : Required
Description:
Bolt CMS is not properly validating and sanitizing the user input.By taking an advantage of this loophole an attacker is able to insert malicious the JavaScript and able to store it permanently into the website.
Please check out the video for more info.
POC VIDEO
Note:The vendor of this CMS has not accepted these vulnerabilities.
No comments:
New comments are not allowed.