MoBiC-05 Bonus: Google CAPTCHA bypass

22:51 05.11.2007

The next participant of the project is Google’s captcha. It is also a star captcha, and it is also a captcha of Google, like the previous one.

This captcha is used at the Add your URL to Google page and it’s a hard one, like the previous captcha. It’s also vulnerable to the half-automated method (it is one of the Advanced MustLive CAPTCHA bypass methods). I found this Insufficient Anti-automation hole on 19.08.2007.

On this page you can add a URL without entering the captcha code at all, so there is no need to spend time on the captcha here. But this form is also protected by a token, and Google can make the captcha obligatory in the future. In any case, to add URLs you need a new token (id) every time, and it can be retrieved automatically. So adding URLs can be done fully automatically (using the captcha token bypass method).

Insufficient Anti-automation:

Google CAPTCHA bypass.html

You can bypass the captcha by using the half-automated method and bypass the anti-CSRF protection by using a new id every time (you can get it automatically with a program, like I showed before).
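As an added example (not from the post, and not Google’s code), here is a toy Python model of the two designs the post contrasts: a form guarded only by a freshly issued id, where a script that fetches a new id per request gets every submission accepted, and a form where the id is bound to a CAPTCHA answer and consumed on first use. The class and function names are assumptions made for illustration.

```python
import hmac
import secrets


class UrlSubmissionForm:
    """Toy model of a URL-submission form (added example, not Google's code).

    mode == "token_only" mirrors the weakness the post describes: the form is
    guarded only by a fresh id that any client can fetch, so a script can fetch
    an id and submit in one step.  mode == "captcha_bound" ties every id to a
    CAPTCHA challenge whose answer must accompany the submission; the id is
    consumed on first use so it cannot be replayed.
    """

    def __init__(self, mode):
        assert mode in ("token_only", "captcha_bound")
        self.mode = mode
        self.challenges = {}   # id -> expected CAPTCHA answer (server side only)
        self.accepted = []     # URLs the form accepted

    def issue_id(self):
        """What the page hands out on every load: a fresh id plus a challenge."""
        form_id = secrets.token_hex(8)
        self.challenges[form_id] = secrets.token_hex(3)  # stands in for the image
        return form_id

    def submit(self, form_id, url, captcha_answer=""):
        expected = self.challenges.pop(form_id, None)  # single use; unknown id -> None
        if expected is None:
            return False
        if self.mode == "captcha_bound" and not hmac.compare_digest(expected, captcha_answer):
            return False
        self.accepted.append(url)
        return True


def scripted_client(form, urls):
    """A client that only fetches a fresh id per request and never solves the
    challenge.  Returns how many submissions the form accepted."""
    return sum(form.submit(form.issue_id(), u) for u in urls)


def human_client(form, url):
    """A client that reads the challenge (simulated here by peeking at the
    server store, which a real user does by looking at the image) and answers it."""
    form_id = form.issue_id()
    return form.submit(form_id, url, form.challenges[form_id])
```

With only the id check in place, every scripted submission goes through; binding the id to the challenge turns the fetchable token from the whole defence into just a replay guard.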

Insufficient Anti-automation:

Google CAPTCHA bypass2.html

While searching for vulnerable captchas, I also find vulnerabilities in them other than Insufficient Anti-automation, and I’ll write about such vulnerabilities (in various captchas). This time it’s a redirector hole.

Redirector:

Redirector in Google’s captcha

To use the redirector you need to use a new id every time (to bypass the anti-CSRF protection). You can get a new token automatically with a program, so it’s easy to use this hole. I already wrote about redirectors in Google; this is a new one. On one hand, why use this protected redirector when there are many other open redirectors at Google? But it’s not so protected and can be used by bad guys, so it’s better to fix this hole.

Moral: try to make more secure captchas, and without redirectors.
