Cross-Site Scripting vulnerability in eCaptcha

Hello Bugtraq!

I want to warn you about Cross-Site Scripting vulnerability in eCaptcha 
(plugin for E107). I found this hole in July 2008 and disclosed it at 
25.09.2008.

XSS:

POST query at page 
http://site/path/ecaptcha/?key=b7c9bf99e763252105f047a5ca5681d0

<script>alert(document.cookie)</script>
in field: Type Here.

Working key (ecaptcha_key) is required, which can be retrieved by script. 
Every key works only for one time.

Exploit:

http://websecurity.com.ua/uploads/2008/eCaptcha%20XSS.html

I mentioned about this vulnerability at my site 
(http://websecurity.com.ua/2253/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Replies to this exploit:

From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x


From: code@greycube.com
Sent: Tue 6. Oct 2009 11:32
Thank you to MustLive for reporting this to me directly in 2008.  Affected versions were 2.1 and below ( any version where the key is in the URL )

This was fixed in next release, and hopefully you can put on the solutions page to upgrade to 3.x