Tuesday, 29 March 2016

Posted at 00:06 by admin
German penetration testing firm RedTeam Pentesting has found a cross-site scripting (XSS) vulnerability in the Securimage CAPTCHA software that could allow an attacker to inject arbitrary JavaScript code through a crafted URL, according to a post on Tuesday to the Full Disclosure mailing list.

Securimage is a free, open-source PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect web forms from spam or abuse, the project explains on its website. A CAPTCHA is a challenge used in computing to determine whether the user is human.

The researchers explained that the XSS vulnerability is high risk. It allows arbitrary JavaScript code to be executed in users' browsers if they visit URLs prepared by attackers, which opens up many possibilities for further attacks against those users. Because Securimage is widely used as a software library to provide CAPTCHA functionality to web applications, the vulnerability could be used to attack all web applications hosted on the same domain, they wrote.

Securimage fixed the XSS vulnerability in the latest version of its CAPTCHA software, version 3.6.4, and recommended that users upgrade to the latest version as soon as possible or delete example_form.ajax.php from the Securimage directory.
