MoBiC-11: Digg CAPTCHA bypass

22:54 11.11.2007

The next participant of the project is Digg’s captcha. Digg.com is a very popular web site, so this is a star captcha.

This captcha is used on the Create an Account page and it’s vulnerable to the MustLive CAPTCHA bypass method. I found this Insufficient Anti-automation hole on 12.09.2007.

To bypass the captcha you need to use the same captcha and captchaid values many times (for every post). Note that one captcha image does not work for long, so you need new image-code pairs periodically.

Insufficient Anti-automation:

Digg CAPTCHA bypass.html

Guys, don’t overdo it with this Captcha bypass test. This exploit is for educational purposes only.

Moral: never make such insecure captchas.
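
The reuse described above goes away when the server consumes each captchaid on its first verification attempt. The sketch below is an added example, not Digg's code and not part of the original post; the class and function names, the 120-second lifetime and the sample answers are assumptions constructed for illustration.

```python
import hmac
import secrets
import time


class CaptchaStore:
    """Server-side store of issued challenges, keyed by captchaid (hypothetical design)."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # captchaid -> (expected answer, expiry time)

    def issue(self, answer):
        """Register a new challenge and return its unguessable captchaid."""
        captchaid = secrets.token_urlsafe(16)
        self._pending[captchaid] = (answer, self._clock() + self._ttl)
        return captchaid

    def verify_reusable(self, captchaid, answer):
        """Flawed check: the pair stays valid until it expires, so it can be replayed."""
        entry = self._pending.get(captchaid)
        if entry is None or self._clock() > entry[1]:
            return False
        return hmac.compare_digest(entry[0].encode(), answer.encode())

    def verify_once(self, captchaid, answer):
        """Hardened check: the challenge is consumed on the first attempt, right or wrong."""
        entry = self._pending.pop(captchaid, None)
        if entry is None or self._clock() > entry[1]:
            return False
        return hmac.compare_digest(entry[0].encode(), answer.encode())


def count_accepted(verify, captchaid, answer, attempts):
    """Submit the same captchaid/answer pair repeatedly and count acceptances."""
    return sum(1 for _ in range(attempts) if verify(captchaid, answer))


def demo():
    store = CaptchaStore()
    first = store.issue("k7pq2")   # constructed sample answer
    replayed = count_accepted(store.verify_reusable, first, "k7pq2", 5)
    second = store.issue("m3xz9")  # constructed sample answer
    single_use = count_accepted(store.verify_once, second, "m3xz9", 5)
    return replayed, single_use


if __name__ == "__main__":
    print(demo())
```

Consuming the challenge on a wrong answer as well keeps one image from being used for repeated guesses.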


One response to “MoBiC-11: Digg CAPTCHA bypass”

  1. Albert Uhlmann says:

    It’s a bunch of inconvenience to reply:
    Why is it always impossible to fix a captcha? For my own experience, if I can’t get it right the first time, I might as well forget it or I copy and paste my comment into ‘Word’ and start all over again.
    On top, hitting the go back key only deletes all typed work instead of getting a chance for a new captcha or whatever you call it. (0% of the times I already refrain from attempting to make a comment because of the trouble to be expected, but sometimes I really feel I have to raise my voice. And then the shit never fails to happen.
    I would be really happy if there was an alternative site with similar content that would work better.
