CVE-2023-41425

This exploit leverages an XSS vulnerability in WonderCMS 3.4.2 to achieve remote code execution by tricking a victim into executing a malicious JavaScript payload that installs a PHP web shell. The exploit sets up an HTTP server to host the malicious files and provides a reverse shell command.

This repository contains a functional exploit for CVE-2023-41425, which leverages a Cross-Site Scripting (XSS) vulnerability in Wonder CMS to achieve Remote Code Execution (RCE). The exploit generates a malicious JavaScript file and a crafted link that, when clicked by an admin, uploads a reverse shell and establishes a connection to the attacker's machine.

This repository contains a functional Python exploit for CVE-2023-41425, targeting WonderCMS 4.3.2. The exploit automates the creation of a malicious ZIP theme module and a JavaScript-based XSS payload to hijack an admin session and deploy a PHP reverse shell.

This repository contains a functional exploit for CVE-2023-41425, which targets a Cross-Site Scripting (XSS) vulnerability in Wonder CMS versions 3.2.0 to 3.4.2. The exploit chains XSS to achieve Remote Code Execution (RCE) by serving a malicious JavaScript payload locally and tricking an admin into executing it.

This repository contains a functional exploit for CVE-2023-41425, leveraging an XSS vulnerability in Wonder CMS to achieve remote code execution by uploading a malicious ZIP file and triggering a reverse shell. The exploit requires admin access or social engineering to execute the XSS payload.

This repository contains a functional exploit for CVE-2023-41425, targeting WonderCMS versions 3.2.0 to 3.4.2. The exploit leverages an authenticated XSS vulnerability to achieve remote code execution by uploading a reverse shell payload via the theme/plugin upload feature.

This repository contains a functional exploit for CVE-2023-41425, a reflected XSS vulnerability in Wonder CMS that can be chained to achieve remote code execution via the `installModule` component. The exploit automates the creation of a malicious JavaScript file and a PHP web shell, then serves them via an HTTP server to trigger the vulnerability.

This repository contains a functional exploit for CVE-2023-41425, demonstrating an XSS to RCE vulnerability in Wonder CMS versions 3.2.0 to 3.4.2. The exploit leverages a stored XSS to install a malicious theme, achieving remote code execution.

This repository contains a functional exploit for CVE-2023-41425, an XSS vulnerability in WonderCMS versions 3.2.0 through 3.4.2. The exploit automates the process of generating a malicious JavaScript payload, uploading a reverse shell via the `installModule` component, and executing it to gain remote code execution.

This repository contains functional exploit scripts for CVE-2023-41425, leveraging an XSS vulnerability in WonderCMS 4.3.2 to achieve RCE via a reverse shell. The scripts automate the process of payload delivery and execution, requiring admin interaction to trigger the XSS.

This repository contains a functional exploit for CVE-2023-41425, which chains an XSS vulnerability to achieve RCE in Wonder CMS versions 3.2.0 to 3.4.2. The exploit generates a malicious ZIP file and XSS payload to trigger remote code execution via module installation.

This exploit leverages an XSS vulnerability in a web application to deliver a reverse shell payload. It generates a malicious JavaScript file that, when executed, fetches and installs a reverse shell module from an attacker-controlled server.

The repository contains a reference to a technical analysis of CVE-2023-41425, linking to a detailed blog post. However, no actual exploit code or technical details are present in the README itself.

This repository contains a functional exploit for CVE-2023-41425, which leverages an XSS vulnerability in WonderCMS versions 3.2.0 to 3.4.2 to achieve remote code execution (RCE) by uploading a malicious module. The exploit automates the process of generating a malicious JavaScript payload and hosting it for delivery to an admin user.

This Metasploit module exploits CVE-2023-41425, an authenticated file upload vulnerability in WonderCMS versions 3.2.0 to 3.4.2. It uploads a malicious ZIP file containing a PHP payload to achieve remote code execution.