CTF Challenges
Bolt
Master advanced techniques and methodologies in ctf challenges
April 24, 2026
5 min read
AlphaSploit Team
31 views
This room is designed for users to get familiar with the Bolt CMS and how it can be exploited using Authenticated Remote Code Execution. You should wait for at least 3-4 minutes for the machine to start properly.
If you have any queries or feedback you can reach me through the TryHackMe Discord server or through Twitter.
Start the machine
1 What port number has a web server with a CMS running?
al3pha@sploit:/ctf/Bolt$ searchsploit bolt
----------------------------------------------------------------------------------- ---------------------------------
Exploit Title | Path
----------------------------------------------------------------------------------- ---------------------------------
Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow | multiple/dos/41869.html
Bolt CMS 3.6.10 - Cross-Site Request Forgery | php/webapps/47501.txt
Bolt CMS 3.6.4 - Cross-Site Scripting | php/webapps/46495.txt
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution | php/webapps/46664.html
Bolt CMS 3.7.0 - Authenticated Remote Code Execution | php/webapps/48296.py
Bolt CMS < 3.6.2 - Cross-Site Scripting | php/webapps/46014.txt
Bolthole Filter 2.6.1 - Address Parsing Buffer Overflow | multiple/remote/24982.txt
BoltWire 3.4.16 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities | php/webapps/36552.txt
BoltWire 6.03 - Local File Inclusion | php/webapps/48411.txt
Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities | php/webapps/21132.txt
CMS Bolt - Arbitrary File Upload (Metasploit) | php/remote/38196.rb
----------------------------------------------------------------------------------- ---------------------------------
Shellcodes: No Results