Next participant of the project is PHP-Nuke captcha. Which is using at User Registration form (and also at Login form). I found this hole at phpnuke.org (which is using last version of CMS). Vulnerable version is PHP-Nuke 8.1 (the latest) and all previous.
Like Google said there are up to 2660000 sites in Internet on this engine. And including all those sites which use PHP-Nuke, but have no “Powered by PHP-Nuke” sign, there are potentially more millions of sites which are in risk with this insecure captcha (with “powered by PHP-Nuke” query there are up to 3020000 sites).
This captcha is vulnerable for MustLive CAPTCHA bypass method. This Insufficient Anti-automation hole I found 21.10.2007.
For bypassing captcha you need to use the same gfx_check and random_num values many times (for every post).
PHP-Nuke CAPTCHA bypass.html - bypassing captcha and transition to data confirmation page.
PHP-Nuke CAPTCHA bypass2.html - bypassing captcha and data confirmation page and finishing registration.
Guys not overdo with these Captcha bypass tests. These exploits for educational purposes only. Don’t use them for malicious purposes at any site on PHP-Nuke.
You need to setup exploits to test them (set site’s URL and others data).
Moral: never make such unreliable captchas.
Also I prepared another vulnerability in PHP-Nuke captcha. So wait for today’s bonus post .