Let’s continue our talk about the last participant of the project - Peter’s Random Anti-Spam Image. It is a captcha plugin for WordPress.
This is a popular captcha plugin that is used on many sites, so there are many websites that are at risk because of it. The vulnerable version of the plugin is Peter’s Random Anti-Spam Image 0.2.4 (and all previous versions).
This captcha is vulnerable to XSS. As I wrote in the article MoBiC-05 Bonus: Google CAPTCHA bypass, there are vulnerabilities in captchas other than Insufficient Anti-automation (and I’ll write about some of them). I found this Cross-Site Scripting hole on 03.11.2007.
POST query to the comment form, in the comment field:
This exploit is for educational purposes only. Don’t use this hole and exploit for malicious purposes.
You need to set up the exploit to test it (set the site’s URL and other data).
Moral: try to make captchas without XSS holes.