# CVE-2023-46501 - BoltWire v6.03 - Improper Access Control
## Description
In **BoltWire CMS version 6.03**, an “Improper Access Control” vulnerability can be exploited through the URL `index.php?p=member.admin&action=data`. It allows an attacker to view any member's password, including the admin's, which enables theft of information, arbitrary changes to data, or manipulation of the application for malicious purposes.
## To Fix
Update to the latest version of BoltWire CMS.
## Steps to Reproduce:
**1)** Create a new member.

**2)** Access the following URL:

`http://domain.com/folder/index.php?p=member.admin&action=data`

_Note:_ replace _`http://domain.com/folder/`_ with the address of the application to be tested.

**3)** As a result, you will be able to view the admin password.

**4)** To view other users' passwords, simply change the _“admin”_ parameter in the URL provided above to another user's name, for example `member.user`.
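
One way to check web server access logs for past use of this request pattern, as an added example (not part of the original advisory or of BoltWire's code). It assumes combined-format logs that record the query string; the sample lines are constructed, and a hit only marks a request for review, because the log alone does not show whether the requester was authorized.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Nov/2023:10:00:01 +0000] "GET /folder/index.php?p=member.admin&action=data HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Nov/2023:10:00:09 +0000] "GET /folder/index.php?p=member.user&action=data HTTP/1.1" 200 790 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Nov/2023:10:01:00 +0000] "GET /folder/index.php?p=main HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Nov/2023:10:02:00 +0000] "GET /folder/index.php?action=data&p=Member.Admin HTTP/1.1" 403 120 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Nov/2023:10:03:00 +0000] "GET /folder/index.php?p=member.admin HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# client IP, request target and status code from one combined-format line
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')

def find_member_data_requests(log_text):
    """Return {client_ip: sorted member pages} for served p=member.*&action=data hits."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        query = parse_qs(urlsplit(target).query)  # also URL-decodes the values
        # Assumption: compare case-insensitively so variant spellings are not missed.
        pages = [p.lower() for p in query.get("p", [])]
        actions = [a.lower() for a in query.get("action", [])]
        # Only 2xx responses count: the page content was actually returned.
        if status.startswith("2") and "data" in actions:
            hits[ip].update(p for p in pages if p.startswith("member."))
    return {ip: sorted(pages) for ip, pages in hits.items() if pages}

if __name__ == "__main__":
    for ip, pages in find_member_data_requests(SAMPLE_LOG).items():
        print(f"{ip} viewed data of {len(pages)} member page(s): {', '.join(pages)}")
```

A client that appears with several different member pages is the pattern described in step 4 and deserves the closest look.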