MoBiC-02: craigslist.org CAPTCHA bypass

22:35 02.11.2007

The next participant in the project is craigslist’s captcha. Craigslist.org is a very popular web site, and its owners need to use more reliable protection. This is a star captcha :-) (because of the popularity of the site), and there will be some star captchas in my project.

The captcha on the signup page is vulnerable to the MustLive CAPTCHA bypass method. I found this Insufficient Anti-automation hole on 01.11.2007.

To bypass it, you need to use the same captchaID and verificationWord values many times (for every post). This is the classic MustLive CAPTCHA bypass method. Also put a new email into the emailAddress field (a new email for every post).

Insufficient Anti-automation:

craigslist.org CAPTCHA bypass.html

Guys, don't overdo it with this CAPTCHA bypass test. This exploit is for educational purposes only.

Moral: never make such vulnerable captchas.
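
A server-side check that closes this replay, as an added example that is not code from the original post or from craigslist: each captchaID is consumed on its first verification attempt, so the same captchaID and verificationWord pair cannot be accepted twice. The `CaptchaStore` class, its parameters, `count_accepted` and the sample word are assumptions made for illustration.

```python
import hmac
import secrets
import time


class CaptchaStore:
    """Constructed in-memory store: captchaID -> (expected word, expiry)."""

    def __init__(self, ttl_seconds=300, single_use=True):
        self.ttl = ttl_seconds
        self.single_use = single_use
        self._challenges = {}

    def issue(self, word, now=None):
        """Create a challenge and return its unguessable captchaID."""
        now = time.time() if now is None else now
        captcha_id = secrets.token_urlsafe(16)
        self._challenges[captcha_id] = (word, now + self.ttl)
        return captcha_id

    def verify(self, captcha_id, verification_word, now=None):
        """Return True only for a correct answer to a live challenge."""
        now = time.time() if now is None else now
        if self.single_use:
            # Hardened: remove the challenge before checking it, so a right
            # or a wrong answer both burn the captchaID.
            entry = self._challenges.pop(captcha_id, None)
        else:
            # Vulnerable: the challenge stays valid after a correct answer,
            # which is the reuse described in the post.
            entry = self._challenges.get(captcha_id)
        if entry is None:
            return False
        word, expires = entry
        if now > expires:
            self._challenges.pop(captcha_id, None)
            return False
        return hmac.compare_digest(word.encode(), verification_word.encode())


def count_accepted(store, submissions=5):
    """Submit one captchaID/verificationWord pair repeatedly; count accepts."""
    captcha_id = store.issue("kx7pq")  # constructed sample word
    return sum(store.verify(captcha_id, "kx7pq") for _ in range(submissions))
```
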


2 responses to “MoBiC-02: craigslist.org CAPTCHA bypass”

  1. Niyaz PK says:

    Down with Captchas.

  2. MustLive says:

    Niyaz PK, yes, captchas are not reliable. They need to be improved. There are a lot of vulnerable captchas on the Internet.

    And I can tell you about Google’s captcha (as you also wrote about it). This captcha will be in my project ;-) (and it’ll be today).
