关联漏洞
标题:BoltWire 跨站脚本漏洞 (CVE-2022-24227)Description:BoltWire是一款免费的、多功能的类维基架站引擎,它采用PHP语言开发,拥有类似资料库的资讯管理能力。 BoltWire存在跨站脚本漏洞,该漏洞允许攻击者通过名称和姓氏参数中的特制有效负载执行任意 Web 脚本或 HTML。
Description
CVE-2022-24227 [Updated]: BoltWire v8.00 vulnerable to "Stored Cross-site Scripting (XSS)"
介绍
# CVE-2022-24227 [Updated] - BoltWire v8.00 - Stored Cross-site Scripting (XSS)
## Description
_CVE-2022-24227 [Updated]_: In version **8.00 of BoltWire CMS**, the `First Name` and `Last Name` fields on the member registration completion page are also vulnerable to stored cross-site scripting (XSS) attacks, just like version 7.10. This type of attack allows malicious scripts to be executed.
## Fix Suggestion
Sanitize user entries in these fields.
## Steps to Reproduce:
**1)** Create a new member.
**2)** On the next page, you will be asked to enter the new member’s `First Name`, `Last Name` and `Country`. Here, fill in `First Name:` and `Last Name:` with the following payloads:
`First Name`:
```js
<script>alert(XSS)</script>
```
`Last Name`:
```js
<script>alert(document.cookie)</script>
```
**3)** As a result, when the administrator goes to the _“Members”_ page and tries to list recent members, the payloads will be triggered.
**4)** To view other users' passwords, simply change the _“admin”_ parameter in the URL provided above to another user's name, for example `member.user`.
### Reference
* [CVE-2022-2427 - Details](https://www.cvedetails.com/cve/CVE-2022-24227/)
文件快照
[4.0K] /data/pocs/469f4b5cf2aca109d5dd2a0852f27b622cbb51ad
├── [4.0K] img
│ ├── [ 49K] 1.png
│ ├── [ 74K] 2.png
│ └── [ 80K] 3.png
└── [1.2K] README.md
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。