
CVE-2023-46501 PoC - BoltWire security vulnerability

Source
Associated Vulnerability
Title: BoltWire security vulnerability (CVE-2023-46501)
Description: An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.
Description
BoltWire v6.03 vulnerable to "Improper Access Control"
Readme
# CVE-2023-46501 - BoltWire v6.03 - Improper Access Control

## Description
In version **6.03 of BoltWire CMS**, an "Improper Access Control" vulnerability can be exploited through the `index.php?p=member.admin&action=data` parameter, allowing an attacker to view any member's password, including the admin's, and thus to steal information, make arbitrary changes to data, or manipulate the application for malicious purposes.

## To Fix
Update to the latest version of BoltWire CMS.


## Steps to Reproduce:

**1)** Create a new member.
![step 1](img/1.png)

**2)** Access the following URL:
`http://domain.com/folder/index.php?p=member.admin&action=data`

_Note:_ replace _`http://domain.com/folder/`_ with the address of the application to be tested.

**3)** As a result, you will be able to view the admin password.
![step 3](img/2.png)

**4)** To view other users' passwords, simply change the _“admin”_ parameter in the URL provided above to another user's name, for example `member.user`.
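For defenders, the request pattern described in the steps above is easy to spot in web-server logs. The following Python snippet is an added example, not part of the original PoC: it parses constructed Apache combined-format access-log lines and flags every request to a `p=member.<name>&action=data` page, reporting which member's data was requested.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" access-log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def member_data_request(target):
    """Return the member name if the request targets the BoltWire
    p=member.<name>&action=data page described in CVE-2023-46501, else None."""
    query = parse_qs(urlsplit(target).query)
    pages = query.get("p", [])
    actions = query.get("action", [])
    for page in pages:
        if page.startswith("member.") and "data" in actions:
            return page[len("member."):]
    return None

def find_suspicious(lines):
    """Return (ip, timestamp, member, status) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        member = member_data_request(m.group("target"))
        if member is not None:
            hits.append((m.group("ip"), m.group("ts"), member, int(m.group("status"))))
    return hits

# Constructed sample log lines (not real traffic); the /folder/ path is assumed.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2023:10:00:01 +0000] "GET /folder/index.php?p=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Nov/2023:10:00:07 +0000] "GET /folder/index.php?p=member.admin&action=data HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Nov/2023:10:00:12 +0000] "GET /folder/index.php?p=member.alice&action=data HTTP/1.1" 200 1980 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Nov/2023:10:01:00 +0000] "POST /folder/index.php?p=login HTTP/1.1" 302 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, ts, member, status in find_suspicious(SAMPLE_LOG):
        print(f"{ts} {ip} requested member data for '{member}' (HTTP {status})")
```

A legitimate administrator viewing member data produces the same request line, so correlate hits with the requesting session and source address rather than alerting on the URL alone.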

File Snapshot

[4.0K] /data/pocs/3d2d44ab25677300ec99c70dfd80d6f9c491c83f
├── [4.0K] img
│   ├── [ 49K] 1.png
│   └── [ 76K] 2.png
└── [1.0K] README.md

1 directory, 3 files