Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Re: Vulnerability in CB Captcha for Joomla and Mambo
From: none () gmail com
Date: Mon, 19 Apr 2010 17:38:20 -0600

I am 100% cretin that this is a vulnerability.   The exact problem is "Client Side Trust" in that you are expecting the 
client to keep its state over a security system (your captcha).   This is exploitable,  a bot can just grab a new 
session with each request.  You should be using a sql database to keep track of offenders based on their 
$_SERVER['REMOTE_ADDR'],  and nothing else. 

Further more if you build security systems you MUST be responsible for when they end up on bugtraq. 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]