Please review and leave your comment about that new captcha class writen in PHP.
Captcha ZDR anti spamm protection
Best regards
zdrsoft
Captcha ZDR - leave comments
Moderator: General Moderators
OK
Thank you for your advice. I'll fix that.timvw wrote:Since you generate html that simply outputs session_id() i'm affraid it opens your form for XSS attacks... (all the user needs to know is the session_name and then he can request the form with ?%session_name%=%some xss attack vector% )
Ask this guy for an oppinion: http://sam.zoy.org/pwntcha/
(Здрасти;)
(Здрасти;)