[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Cross-Site Scripting vulnerability in eCaptcha

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Cross-Site Scripting vulnerability in eCaptcha
From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
Date: Mon, 28 Sep 2009 23:46:47 +0300

Hello Full-Disclosure!

I want to warn you about Cross-Site Scripting vulnerability in eCaptcha 
(plugin for E107). I found this hole in July 2008 and disclosed it at 
25.09.2008.

XSS:

POST query at page 
http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0

<script>alert(document.cookie)</script>
in field: Type Here.

Working key (ecaptcha_key) is required, which can be retrieved by script. 
Every key works only for one time.

Exploit:

http://websecurity.com.ua/uploads/2008/eCaptcha%20XSS.html

I mentioned about this vulnerability at my site 
(http://websecurity.com.ua/2253/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] WinRAR v3.80 - ZIP Filename Spoofing
Next by Date: Re: [Full-disclosure] Full Path Disclosure in most wordpress' plugins [?]
Previous by thread: [Full-disclosure] WinRAR v3.80 - ZIP Filename Spoofing
Next by thread: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
Index(es):
- Date
- Thread