Exploit for SofaWiki 3.9.2 Cross Site Scripting

Name: Exploit for SofaWiki 3.9.2 Cross Site Scripting
Rating: 5 (222 reviews)

2024-10-17 | CVSS 7.4

## https://sploitus.com/exploit?id=PACKETSTORM:182278
# Exploit Title: SofaWiki 3.9.2 - Reflected XSS (Authenticated) via Regex  
Replace Preview  
# Date: 10/17/2024  
# Exploit Author: Chokri Hammedi  
# Vendor Homepage: https://www.sofawiki.com  
# Software Link: https://www.sofawiki.com/site/files/snapshot.zip  
# Version: 3.9.2  
# Tested on: Windows XP  
  
*Summary:*  
  
A *reflected XSS* vulnerability exists in the *Regex Replace Preview*  
feature of SofaWiki. When a malicious payload is injected into the *Replace*  
field, the payload is executed immediately in the user’s browser during the  
preview.  
Proof of Concept (PoC):  
  
1. Login to SofaWiki.  
2. Go to Special => Regex :  
http://localhost/sofawiki/index.php?action=view&name=special:regex&lang=en  
  
3. In the Regex field, enter any text (e.g., test).  
4. In the Replace field, inject the following payload:  
  
<script>alert('XSS');</script>  
  
5. Click Replace Preview to trigger the XSS.