The next participant in the project is Peter’s Random Anti-Spam Image, a captcha plugin for WordPress. It is by the same author as Peter’s Custom Anti-Spam Image and is more reliable than that plugin, but it also has vulnerabilities.
This is a popular captcha plugin (like Custom Anti-Spam Image) used on many sites, so many web sites are at risk because of it. The vulnerable version is Peter’s Random Anti-Spam Image 0.2.4 (and all previous versions).
This captcha is vulnerable to the half-automated method (I’ll write about another, more serious hole in the bonus post). It is one of the Advanced MustLive CAPTCHA bypass methods I described in the article MoBiC-05: Blogger CAPTCHA bypass. I found this Insufficient Anti-automation hole on 03.11.2007.
In the half-automated method you need to prepare captcha image-code pairs beforehand (because the captcha images are one-time). For every post you must use new securitycode and matchthis values. It is not fully automated, but it is still a half-automated bypass (no OCR, only the vulnerabilities in the captcha itself). Those who don’t want to do the work themselves can use low-cost labour to prepare image-code pairs, or use OCR software (even for non-real-time recognition), and bad guys often use such techniques. Still, this method lets a single person bypass the captcha without additional resources (labour or OCR).
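As an added example (not the plugin’s code), here is the kind of server-side check that removes the weakness described above: the expected code is kept on the server, bound to the visitor’s session, accepted once and expired, and no verification value such as matchthis is taken from the client, so image-code pairs collected beforehand from other sessions cannot be replayed. The class name, the in-memory store and the TTL are assumptions for illustration.

```python
# Added example, not the plugin's code: a session-bound, single-use,
# expiring captcha check. Nothing the client submits besides the code it
# read from the image takes part in verification. Store/TTL are assumed.
import secrets
import time

CAPTCHA_TTL = 300  # assumed policy: seconds a challenge stays valid


class CaptchaStore:
    """In-memory challenge store keyed by session id (a plugin would use
    the PHP session or the database instead)."""

    def __init__(self, now=time.time):
        self.now = now          # injectable clock, handy for testing expiry
        self.pending = {}       # session_id -> (answer, issued_at)

    def issue(self, session_id):
        """Create a fresh challenge for this session.
        The answer is handed to the image renderer only; it never goes to
        the client in any form the client could send back as proof."""
        answer = secrets.token_hex(3)  # the text the image would show
        self.pending[session_id] = (answer, self.now())
        return answer

    def verify(self, session_id, securitycode):
        """Accept only the answer issued to this session, once, within TTL."""
        # pop() makes the challenge single-use even when the check fails,
        # so a wrong guess cannot be retried against the same image
        entry = self.pending.pop(session_id, None)
        if entry is None:
            return False            # no challenge issued to this session
        answer, issued_at = entry
        if self.now() - issued_at > CAPTCHA_TTL:
            return False            # pre-collected challenge went stale
        return secrets.compare_digest(answer, securitycode)
```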
This exploit is for educational purposes only.
You need to set up the exploit to test it (set the site’s URL and other data).
Moral: try to make more secure captchas.
I have also prepared another vulnerability in Peter’s Random Anti-Spam Image, so wait for today’s bonus post.