MoBiC-12 Bonus: Peter’s Random Anti-Spam Image XSS

22:48 12.11.2007

Continuing our talk about the last participant of the project, Peter’s Random Anti-Spam Image. It is a captcha plugin for WordPress.

This is a popular captcha plugin used at many sites, so many web sites are at risk because of it. The vulnerable version of the plugin is Peter’s Random Anti-Spam Image 0.2.4 (and all previous versions).

This captcha is vulnerable to XSS. As I wrote in the article MoBiC-05 Bonus: Google CAPTCHA bypass, captchas have vulnerabilities other than Insufficient Anti-automation (and I’ll write about some of them). I found this Cross-Site Scripting hole on 03.11.2007.

XSS:

POST request through the comment form, with the payload in the comment field:
</textarea><script>alert(document.cookie)</script>
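The pattern this payload relies on, shown as an added, hypothetical example and not the plugin’s own code: it assumes the submitted comment is echoed back into a `<textarea>` without encoding when the form is redisplayed, which is why the payload starts with `</textarea>`. The hardened version beside it encodes the value so the closing tag stays inert text.

```php
<?php
// Added example, NOT the plugin's code. Assumption: the bug is a comment body
// being echoed back into a <textarea> unencoded when the form is redisplayed,
// which is what the "</textarea>" prefix of the advisory's payload relies on.

// Vulnerable pattern: raw user input inside the textarea. A value such as
// "</textarea><script>...</script>" closes the textarea early and the script
// then runs in the browser of whoever views the redisplayed form.
function render_comment_field_vulnerable(string $comment): string
{
    return '<textarea name="comment">' . $comment . '</textarea>';
}

// Hardened pattern: encode the HTML-significant characters so "</textarea>"
// becomes "&lt;/textarea&gt;" and is shown as text. In current WordPress,
// esc_textarea() does the same job (it wraps htmlspecialchars()).
function render_comment_field_safe(string $comment): string
{
    $encoded = htmlspecialchars($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<textarea name="comment">' . $encoded . '</textarea>';
}

// Check for a code review or a unit test: whatever the user submitted, the
// rendered fragment must contain exactly one closing </textarea>.
function textarea_breakout_detected(string $html): bool
{
    return substr_count(strtolower($html), '</textarea>') !== 1;
}

// Constructed sample input, taken from the payload shown in the advisory.
$payload = '</textarea><script>alert(document.cookie)</script>';

var_dump(textarea_breakout_detected(render_comment_field_vulnerable($payload)));
var_dump(textarea_breakout_detected(render_comment_field_safe($payload)));
```

The first check reports a breakout for the unencoded rendering and the second does not, so the same check can be dropped into a plugin's test suite to catch a regression.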

Peter’s Random Anti-Spam Image XSS.html

This exploit is for educational purposes only. Don’t use this hole or exploit for malicious purposes.

You need to set up the exploit to test it (set the site’s URL and other data).

Moral: try to make captchas without XSS holes.


2 Responses to “MoBiC-12 Bonus: Peter’s Random Anti-Spam Image XSS”

  1. Peter says:

    Is this a problem with the CAPTCHA or the WordPress comment form in general? Can you please explain how this cookie exploit interacts with the plugin?

  2. MustLive says:

    Peter, it’s a problem with your captcha plugin, because the hole does not appear when XSS code is sent in the comment field in general, but it appears when your plugin is used at the site.

    Can you please explain how this cookie exploit interacts with the plugin?

    You need to use my exploit (which you need to set up - edit this html file to set the site’s URL) and you’ll see how it works and where the hole appears.
