jblack
01-05-2010, 05:13 PM
I emailed the Administrator of this site a couple of months back about an exploit in the image verification code posted on this site. The URL to this page can be found here (http://www.thewebhelp.com/php/php_contact_form_with_image_validation/).
The problem with this code is that it is storing the MD5 hash in a cookie. The server then relies on the client (which isn't trusted) to send the same hash back to it. An easy exploit is where someone captures a valid hash for a single code (say 1234). Now to send an email through your server, all we have to do is send the hash for 1234 and 1234 in the image verification field and we'll send email every time.
The solution to this problem is to store the answers on the server itself. I've rewritten the code using sessions and it is attached. If someone could please shake the Admin for this site and have them update their code, I'd appreciate it.
Thank you.
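The cookie-based check described in the post, shown beside a session-based one, as an added example that is not the poster's attached rewrite or the site's own code. The function names, the cookie name `image_hash` and the session key `captcha_code` are assumptions made for illustration.

```php
<?php
// Added example. All names here are hypothetical, not taken from the original script.

// Use a real session under a web server; a plain array when run from the CLI.
if (PHP_SAPI !== 'cli') { session_start(); } else { $_SESSION = []; }

// BEFORE: the expected answer lives in a cookie, so both sides of the
// comparison are supplied by the client and the server holds no state.
function check_cookie_captcha(array $cookies, string $typed): bool
{
    return isset($cookies['image_hash'])
        && md5($typed) === $cookies['image_hash'];
}

// AFTER: the answer is generated and kept on the server. Only the session
// ID travels to the client; the code itself is only drawn into the image.
function issue_session_captcha(): string
{
    $code = (string) random_int(1000, 9999);
    $_SESSION['captcha_code'] = $code;
    return $code;
}

function check_session_captcha(string $typed): bool
{
    $expected = $_SESSION['captcha_code'] ?? null;
    // Single use: discard the answer whether or not this attempt matched,
    // so a solved code cannot be submitted again.
    unset($_SESSION['captcha_code']);
    return is_string($expected) && hash_equals($expected, $typed);
}

// Constructed sample values: one code and its hash, resubmitted twice.
$cookies = ['image_hash' => md5('1234')];
var_dump(check_cookie_captcha($cookies, '1234')); // bool(true)
var_dump(check_cookie_captcha($cookies, '1234')); // bool(true), same pair accepted again

$code = issue_session_captcha();
var_dump(check_session_captcha($code)); // bool(true)
var_dump(check_session_captcha($code)); // bool(false), answer already consumed
```

A form using the session variant has to call `issue_session_captcha()` again each time the image is rendered, since every check consumes the stored code.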