Sunday, December 11, 2011

Google reCAPTCHA Wordpress Plugin - Reflected Cross-Site Scripting ( XSS ) Vulnerability

The reCAPTCHA WordPress plugin uses a CAPTCHA to prevent comment spam and also uses MailHide to prevent email spam  

Script Page : 

http://localhost/comment-page-1/?rcommentid=(id number)&rerror=XSS

Google dork: inurl:rcommentid= error=

 A lot of sites use this plugin , so please don't be a bad boy ;)

sorry @w3af - Bonsai / Andres Riancho

No comments: