Getting through captcha (forum locked)

freakyfred (Groupie; joined 29 March 2007; United Kingdom), posted 12 October 2009 at 12:59pm



Edited by freakyfred - 04 December 2009 at 2:28pm

WebWiz-Bruce (Admin Group, Web Wiz Developer; joined 03 September 2001; Bournemouth), posted 12 October 2009 at 1:54pm
The CAPTCHA code is stored in a session; once this has been submitted the session variable is destroyed, so you have to generate a new CAPTCHA code and submit it again.

The JavaScript they use doesn't matter at all. The problem is your own code you posted before; it is VERY dangerous for the reason that I listed earlier, as you do not parse the user submitted data before you use it.

You need to go back to your own code and parse each and every piece of data submitted, removing any malicious code before you use it. This has to be done server side, not using JavaScript.

You should never use Request("xxx") directly; you should always place this into a variable and then parse the variable for malicious code before you use it.

freakyfred, posted 12 October 2009 at 1:57pm
I think I know where you are coming from. Thanks for your help.

WebWiz-Bruce, posted 12 October 2009 at 2:01pm
This being for email, pay particular attention to removing semicolons (;), as this can be used to list multiple email addresses for a single submission hack that will relay to 1000's of email addresses in one go.
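
The following Classic ASP (VBScript) example is added here to illustrate the advice in the two replies above; it is not part of the original posts or of Web Wiz's own code. It copies each submitted value into a variable, validates it server side, accepts only a single email address and treats the CAPTCHA session value as single use. The field names email, subject and captcha and the session key captchaCode are assumptions.

```vbscript
<%
Option Explicit

' True only for one plain address: rejects CR/LF (extra mail headers),
' ";" and "," (recipient lists), then applies a conservative shape check.
Function IsSingleEmail(ByVal strValue)
    Dim objRegExp, strBad, i
    IsSingleEmail = False
    If Len(strValue) = 0 Or Len(strValue) > 254 Then Exit Function
    strBad = vbCr & vbLf & ";, "
    For i = 1 To Len(strBad)
        If InStr(strValue, Mid(strBad, i, 1)) > 0 Then Exit Function
    Next
    Set objRegExp = New RegExp
    objRegExp.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$"
    IsSingleEmail = objRegExp.Test(strValue)
    Set objRegExp = Nothing
End Function

' Collapses a value to one line so it cannot start a new header.
Function SingleLine(ByVal strValue, ByVal lngMaxLen)
    strValue = Replace(Replace(strValue, vbCr, " "), vbLf, " ")
    SingleLine = Left(Trim(strValue), lngMaxLen)
End Function

Dim strEmail, strSubject, strCaptcha, strExpected

' Copy each submitted value into a variable first (& "" turns a missing field into "")
strEmail = Trim(Request.Form("email") & "")
strSubject = SingleLine(Request.Form("subject") & "", 100)
strCaptcha = Trim(Request.Form("captcha") & "")

' The CAPTCHA code is single use: read it, then destroy it whatever the outcome
strExpected = Session("captchaCode") & ""
Session.Contents.Remove "captchaCode"

If Len(strExpected) = 0 Or StrComp(strCaptcha, strExpected, vbBinaryCompare) <> 0 Then
    Response.Status = "400 Bad Request"
    Response.Write "Security code incorrect; please load a new one and try again."
ElseIf Not IsSingleEmail(strEmail) Then
    Response.Status = "400 Bad Request"
    Response.Write "Please enter a single valid email address."
Else
    ' Only the validated strEmail and strSubject may now reach the mail component
    Response.Write "Message accepted for " & Server.HTMLEncode(strEmail)
End If
%>
```

Rejecting a bad address outright, rather than stripping characters from it, avoids sending mail to whatever is left after the stripping.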

freakyfred, posted 12 October 2009 at 2:35pm
It doesn't work like that, it uses numbers, but I have removed all requests from the main parts.