
Captcha ZDR - leave comments

Posted: Thu Apr 19, 2007 8:14 am
by zdrsoft
Please review and leave your comment about that new captcha class written in PHP.

Captcha ZDR anti-spam protection

Best regards
zdrsoft

Posted: Thu Apr 19, 2007 10:42 am
by timvw
Since you generate HTML that simply outputs session_id(), I'm afraid it opens your form for XSS attacks... (all the user needs to know is the session_name and then he can request the form with ?%session_name%=%some xss attack vector% )
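
Added example, not part of the thread and not the Captcha ZDR code (which the thread does not show): the reflection described in the post above and one way to close it. It assumes PHP 7 or later; the function names are hypothetical and the sample IDs are constructed.

```php
<?php
declare(strict_types=1);

// Take the session ID from the cookie only, never from ?PHPSESSID=...,
// and refuse IDs the server did not issue (strict mode).
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');

// BEFORE (hypothetical): the ID is concatenated into the markup as-is.
function captcha_hidden_field_unsafe(string $name, string $sid): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $sid . '">';
}

// PHP-generated session IDs use only these characters.
function captcha_sid_is_wellformed(string $sid): bool
{
    return preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $sid) === 1;
}

// AFTER (hypothetical): validate the ID, then encode for an attribute value.
function captcha_hidden_field(string $name, string $sid): string
{
    if (!captcha_sid_is_wellformed($sid)) {
        throw new InvalidArgumentException('malformed session id');
    }
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($sid, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample values, standing in for what session_id() would return.
$issued   = 'k3v9q2m7x1c8b5n0z4a6s1d2f3';   // server-issued shape
$supplied = 'abc"><b>injected</b>';          // request-supplied, harmless marker

echo captcha_hidden_field_unsafe('PHPSESSID', $supplied), "\n"; // markup breaks out
echo captcha_hidden_field('PHPSESSID', $issued), "\n";
try {
    echo captcha_hidden_field('PHPSESSID', $supplied), "\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```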

OK

Posted: Fri Apr 20, 2007 4:00 pm
by zdrsoft
timvw wrote:Since you generate HTML that simply outputs session_id(), I'm afraid it opens your form for XSS attacks... (all the user needs to know is the session_name and then he can request the form with ?%session_name%=%some xss attack vector% )
Thank you for your advice. I'll fix that.

Posted: Wed Apr 25, 2007 3:08 am
by Mordred
Ask this guy for an opinion: http://sam.zoy.org/pwntcha/
(Hi ;)