Results 1 to 5 of 5

Thread: How To Bypass PHP Session To Avoid Security Question

  1. #1
    Join Date
    Mar 2010
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default How To Bypass PHP Session To Avoid Security Question

    Hi guys
    I'm now working on php bot that can submit you website to many directory
    But the problem now is the Security Question like tihs

    How To avoid this Question because i want my bot to submit website Automatically without answer the question
    i Searched in google and found some threads that talk about Bypass Session
    so Is this true ؟
    anyway
    i downloaded the directory script And found that it uses a simple Session

    Here is Session code for Add-Site,php Page >
    PHP Code:
    session_start();

    if(
    $_POST['code'] != $_SESSION['captchacode'] OR $_SESSION["captchacode"]=='')
    {
    tpl_header("Error");

    if(
    $showblocks == 1){
    echo 
    "<div class='indexw'>
    <table border='0' width='100%' id='AutoNumber10'>
    <tr>
    <td width='10%' valign='top'>"
    ;
    right_blocks();
    echo 
    "</td><td width='80%' valign='top'>";
    $ssss "<div class='divmessage'>Error , Invalid Answer <a href='javascript:history.back(1)'>BACK</a></div>";
    //tpl_table("ERROR",$ssss);
    echo "<fieldset>
    <legend><span class='aa'>ERROR</span></legend>
    <div align='center'>
    $ssss</div>
    </fieldset>"
    ;
    echo 
    "</td><td width='10%' valign='top'>";
    left_blocks();
    echo 
    "</td></tr></table></div>";

    }else{

    $ssss "<div class='divmessage'>Error.Please Try Agine <a href='javascript:history.back(1)'>back</a></div>";

    echo 
    "<div class='indexw'><fieldset>
    <legend><span class='aa'>error</span></legend>
    <div align='center'>
    $ssss</div>
    </fieldset></div>"
    ;


    Of course this is only captcha SECUIRTY question code not the entire page

    also there is another code in function.php page

    PHP Code:
    function addsite() {
    global 
    $htmlorphp,$numbercharcomments,$typeaddcheck,$_SESSION,$textadd,$name_site;

    $text1 rand(0,9);
    $text2 rand(0,9);
    $text3 "Type The Answer ".$text1." + ".$text2."";
    $text4 $text1 $text2;

    $_SESSION["captchacode"] = $text4;

    if(
    $htmlorphp==1){
    $z "insert-site.html";
    }else{
    $z "add.php?action=insert";

    Can anyone help me to bypass the Session ? or is there is any other method to bypass the Security Question
    thanks

  2. #2
    Join Date
    Sep 2008
    Location
    Bristol - UK
    Posts
    842
    Thanks
    32
    Thanked 132 Times in 131 Posts

    Default

    Go away.

  3. #3
    Join Date
    Mar 2010
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    what do you mean ?
    Please respect yourself

  4. #4
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    He means that we don't want to help people trying to bypass security.

    Even if we wanted to help, the entire point is that is what those questions are designed to block.

    As a general rule, we do not help with illegal requests or those violating the TOS of a website and clearly this would fall into that category.

    The theoretical answer is that the bot would need to be capable of completing the security question just like a human and then it would "bypass" it.

    PHP is serverside and secure. You can't just find a way around it.


    One possible alternative is that there may be an exception for certain bots such as google robots to search the pages, so perhaps if your site falls within what the site allows then you could ask them to include you on that list.

    And of course you could just ask the website if they will allow you to have access.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  5. #5
    Join Date
    Mar 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Good answer mod..
    If it is exposed then using session would be as easy as nut-cracking

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •