mooSocial 3.1.8 Exploit, Cross-Site Scripting (XSS) on User Login Page

# Exploit Title: mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page
# Date: 26 September 2023
# Exploit Author: Astik Rawat (ahrixia)
# Vendor Homepage:
# Software Link:
# Version: 3.1.8
# Tested on: Windows 11
# CVE : CVE-2023-43325


A cross-site scripting (XSS) vulnerability exists on the user login page of mooSocial, a social network website.

Steps to exploit:
1) Go to the login page on the website and log in with credentials.
2) Insert your payload in the "data[redirect_url]" parameter of the POST request.
	Proof of concept (PoC):
	The following payload will allow you to execute XSS:

	Payload (Plain text):
	test"><img src=a onerror=alert(1)>test

	Payload (Base64 encoded):

	Final payload (Base64 + URL encoded):

	POST Request on /moosocial/users/login (POST REQUEST DATA ONLY):
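
Mitigation sketch for the "data[redirect_url]" field described in the steps above, as an added example that is not part of the original advisory or mooSocial's own code. It assumes the server Base64-decodes the field and reflects it into a double-quoted HTML attribute (inferred from the payload shape) and that only same-site paths are legitimate redirect targets; the function names and sample values are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not mooSocial source code.

/**
 * Decode a Base64 redirect parameter and return a safe same-site path,
 * or the fallback when the value is malformed or not a local path.
 */
function safe_redirect_target(?string $encoded, string $fallback = '/'): string
{
    if ($encoded === null || $encoded === '') {
        return $fallback;
    }
    // Strict mode rejects characters outside the Base64 alphabet.
    $decoded = base64_decode($encoded, true);
    if ($decoded === false || $decoded === '') {
        return $fallback;
    }
    // Allow only a local absolute path: one leading slash, then URL-safe
    // characters. Quotes, angle brackets, whitespace, backslashes and
    // scheme-relative "//host" forms all fail this check.
    if (!preg_match('#^/(?!/)[A-Za-z0-9\-._~/%?&=]*$#D', $decoded)) {
        return $fallback;
    }
    return $decoded;
}

/** Escape a value for output inside a double-quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs; 'payload' is the plain-text PoC from this page.
$samples = [
    'benign'  => base64_encode('/home/index'),
    'payload' => base64_encode('test"><img src=a onerror=alert(1)>test'),
    'offsite' => base64_encode('//example.org/'),
    'garbage' => '%%%not-base64%%%',
];

foreach ($samples as $label => $encoded) {
    $target = safe_redirect_target($encoded);
    $raw = (string) base64_decode($encoded, true); // '' when not valid Base64
    // Validation decides where to redirect; escaping protects the HTML sink.
    printf("%-8s target=%s raw_escaped=%s\n", $label, attr($target), attr($raw));
}
```

Validation and output escaping are independent controls: the first rejects anything that is not a local path, the second keeps a reflected value from closing the attribute even if validation is later relaxed.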
