Коментарі для запису: MoBiC-26 Bonus: XSS in Captcha!

від: Boriel

Sat, 22 Dec 2007 22:21:40 +0000

Don’t know why, but Firefox Warning is no longer appearing. : so users better install NoScript! extension.

Regarding your Captcha, it is very unsecure, since it allows OCR attack (chars are easily recognisable by a program).

від: Boriel

Sat, 22 Dec 2007 21:54:18 +0000

Hi! As said here: http://www.boriel.com/2006/05/27/bye-bye-captcha/ Captcha! is bit unmaintaned (I will fix this today, anyway). This hack won’t work for Firefox (at less on 2.0.0.11) users, as javascript submits will display a warning message and an “Ok” button. But maybe in IE, they will do.