Share
## https://sploitus.com/exploit?id=62F85503-50FF-555E-A356-2461D0106502
# CVE-2023-41425

## Description
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.

## Working
The attached exploit "exploit.py" performs the following actions:

1. It takes 3 arguments:
   - URL: where WonderCMS is installed (no need to know the password)
   - IP: attacker's Machine IP
   - Port No: attacker's Machine PORT
2. It generates an xss.js file (for reflected XSS) and outputs a malicious link.
3. As soon as the admin (logged user) opens/clicks the malicious link, a few background requests are made without admin acknowledgement to upload a shell via the upload theme/plugin functionality.
4. After uploading the shell, it executes the shell and the attacker gets the reverse connection of the server.

## PoC
![poc](https://github.com/user-attachments/assets/eb4a29aa-d66f-4089-8b1b-55f07c3282c4)


## References
1. https://gist.github.com/prodigiousMind/fc69a79629c4ba9ee88a7ad526043413
2. https://github.com/WonderCMS/wondercms/releases/tag/3.4.3