Securimage 3.5 URI-based Cross-Site Scripting Vulnerability

2013.05.10
Credit: Gjoko 'LiquidWorm' Krstic
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Securimage 3.5 URI-based Cross-Site Scripting Vulnerability Vendor: Securimage PHP CAPTCHA Product web page: http://www.phpcaptcha.org Affected version: 3.5 Summary: Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. Desc: Securimage suffers from a XSS issue in 'example_form.php' that uses the 'REQUEST_URI' variable. The vulnerability is present because there isn't any filtering to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. --------------------------------------------------------------- /example_form.php: ------------------ 47: <form method="post" action="<?php echo $_SERVER['REQUEST_URI'] . $_SERVER['QUERY_STRING'] ?>" id="contact_form"> --------------------------------------------------------------- Tested on: Apache, PHP 5.3.6 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2013-5139 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5139.php 21.04.2013 -- http://localhost/securimage/example_form.php/"/><script>alert(document.cookie)</script>

References:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5139.php
http://www.phpcaptcha.org


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top