vuthao / cool-php-captcha

Automatically exported from code.google.com/p/cool-php-captcha
GNU General Public License v3.0
0 stars 0 forks source link

security bug for repeated load of captcha #9

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
is needed to correct link with "Not readable? Change text."

you have no limit for reloading new image... that bad... very bad

my solution is ease

when create link to captha.php use ?tag=<ID>
$tag = md5(microtime(true));
and store it to $_SESSION['captcha'][$tag] = array('reload' => 0, 'text' => 
'right answer');

is needted to add <input type="hidden" name="captcha_tag" value=" $tag " /> to 
form in example-form.php

when you try validate sent form you have excatly what captcha to use (you 
cannot unset captcha of another page...ú

on reload update informacation ...['reaload']++ and chage right_answer
(it prevent change of answer for another page captcha)
if (...['reaload'] > 10) exit because of banned an show image that next iamge 
is banned

do understand?

PS: there 4 bugs I found in 15 minutes after download :o)

Original issue reported on code.google.com by svecp...@gmail.com on 31 Aug 2010 at 6:01