E107 eCaptcha Cross Site Scripting

E107 eCaptcha Cross Site Scripting: Posted Sep 29, 2009; Authored by MustLive; The E107 eCaptcha plugin suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | ce9b99226830c2e16bbd2cbe66a2246d99e928fdce2ecf419bc3fe81294b059b; Download | Favorite | View

E107 eCaptcha Cross Site Scripting

Hello Bugtraq!

I want to warn you about Cross-Site Scripting vulnerability in eCaptcha 
(plugin for E107). I found this hole in July 2008 and disclosed it at 
25.09.2008.

XSS:

POST query at page 
http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0

<script>alert(document.cookie)</script>
in field: Type Here.

Working key (ecaptcha_key) is required, which can be retrieved by script. 
Every key works only for one time.

Exploit:

http://websecurity.com.ua/uploads/2008/eCaptcha%20XSS.html

I mentioned about this vulnerability at my site 
(http://websecurity.com.ua/2253/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Top Authors In Last 30 Days

Red Hat 396 files
Ubuntu 97 files
Debian 30 files
Rahad Chowdhury 21 files
BugsBD Limited 21 files
Gentoo 18 files
tmrswrr 13 files
Google Security Research 5 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,914)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,862)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,631)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,142)
UNIX (9,340)
UnixWare (187)
Windows (6,607)
Other

E107 eCaptcha Cross Site Scripting

E107 eCaptcha Cross Site Scripting

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

E107 eCaptcha Cross Site Scripting

Share This

E107 eCaptcha Cross Site Scripting

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems