# Exploit Title: mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page
# Date: 26 September 2023
# Exploit Author: Astik Rawat (ahrixia)
# Vendor Homepage:
# Software Link:
# Version: 3.1.8
# Tested on: Windows 11
# CVE : CVE-2023-43325


A Cross Site Scripting (XSS) vulnerability exists on the user login page in mooSocial which is a social network website.

Steps to exploit:
1) Go to Login page on the website and login with credentials.
2) Insert your payload in the "data[redirect_url]" - POST Request 
	Proof of concept (Poc):
	The following payload will allow you to execute XSS - 
	Payload (Plain text): 
	test"><img src=a onerror=alert(1)>test 

	Payload (Base64 encoded) : 
	Final Payload (Base64+Url encoded): 

	POST Request on /moosocial/users/login (POST REQUEST DATA ONLY):