My-Blog

CAPTCHA reuse vulnerability

Open • NinjaGPT opened this issue 5 months ago • 0 comments

Summary

In the frontend blog article comment functionality, the verification code does not automatically refresh, making it reusable. Attackers can exploit this vulnerability to submit massive amounts of comments, exhausting database resources.

POC

(Three screenshots attached to the issue.)

NinjaGPT • Jul 26 '25 07:07
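
One way to make the verification-code check single-use, shown next to the reusable behaviour the issue describes. This is an added example, not My-Blog's own code: the session is modelled as a plain dict, and the key name `verifyCode` and all function names are assumptions.

```python
import hmac
import secrets

CAPTCHA_KEY = "verifyCode"  # assumed session key name, not taken from the project


def issue_captcha(session):
    """Store a fresh 4-digit code in the session (image rendering omitted)."""
    code = f"{secrets.randbelow(10**4):04d}"
    session[CAPTCHA_KEY] = code
    return code


def _same(expected, submitted):
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    return hmac.compare_digest(expected.encode(), submitted.strip().encode())


def verify_reusable(session, submitted):
    """Behaviour from the issue: the stored code survives a successful check."""
    expected = session.get(CAPTCHA_KEY)
    return expected is not None and _same(expected, submitted)


def verify_single_use(session, submitted):
    """Hardened: remove the code before comparing, so one code allows one
    attempt whether the answer is right or wrong."""
    expected = session.pop(CAPTCHA_KEY, None)
    if expected is None or not submitted:
        return False
    return _same(expected, submitted)


def accepted_comments(verify, attempts=5):
    """Solve one code, then reuse the same answer for every comment."""
    session = {}
    answer = issue_captcha(session)
    return sum(1 for _ in range(attempts) if verify(session, answer))


if __name__ == "__main__":
    print("reusable check accepts:", accepted_comments(verify_reusable))
    print("single-use check accepts:", accepted_comments(verify_single_use))
```

Single-use codes stop replay of one solved CAPTCHA; a per-client rate limit on the comment endpoint is a separate control that bounds how fast new codes can be solved and spent.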