Hello team of Wordpress!
I am Simone and I am here to report an XSS on Gravatar!
I think that you won't believe me, but it's true, because I have found 171 XSS with different directories and parameters!
Here are the details:
Proof of concept of the XSS (Only two):
How to reproduce it:
1) Create an HTML file with this code:
See the pastebin link for the HTML code: http://pastebin.com/fsAKWTe1
2) Open it in Mozilla, like this (PoC below):
3) Now, the payload is something like: "onmouseover='prompt(916137)'bad="> right? Well, move the mouse over "JSON" or "XML" or etc. and you will see the alert! :)
FINAL POC: http://grabilla.com/04318-ff2c5eea-0491-4841-977a-a4b7b1fafc9e.html
Well, my report finishes here,
Thanks and best regards,