MoBiC-02: craigslist.org CAPTCHA bypass
22:35 02.11.2007Next participant of the project is craigslist’s captcha. Craigslist.org is very popular web site and its owners need to use more reliable protection. This is star captcha (because of popularity of the site) and there will be some star captchas in my project.
The captcha at signup page is vulnerable to MustLive CAPTCHA bypass method. This Insufficient Anti-automation hole I found 01.11.2007.
For bypassing you need to use the same captchaID and verificationWord values many times (for every post). This is classic MustLive CAPTCHA bypass method. And put new email into emailAddress field (new email for every post).
Insufficient Anti-automation:
craigslist.org CAPTCHA bypass.html
Guys not overdo with this Captcha bypass test. This exploit for educational purposes only.
Moral: never make such vulnerable captchas.
Понеділок, 06:32 05.11.2007
Down with Captchas.
Понеділок, 16:48 05.11.2007
Niyaz PK, yes, captchas are not reliable. They need to be improved. There are a lot of vulnerable captchas in Internet.
And I can tell you about Google’s captcha (as you also wrote about it). This captcha will be in my project (and it’ll be today).