MoBiC-16: Cryptographp CAPTCHA bypass

23:28 16.11.2007

The next participant in the project is Cryptographp, a CAPTCHA plugin for WordPress. The vulnerable version is Cryptographp 1.2 (and previous versions).

Statistics at wordpress.org show that this plugin has been downloaded 6285 times. Since the plugin can also be downloaded from other sources, the total number of downloads and of sites using it is much higher. So many thousands of sites are at risk because of this plugin.

This captcha is vulnerable to the session reusing with constant captcha bypass method. I found this Insufficient Anti-automation hole on 15.11.2007.

Session reusing with constant captcha bypass is a tricky method. To bypass the captcha, you need to use the same securitycode value for every post (during the current session). After you see the first captcha image, you need to turn off images, so that the captcha is not regenerated and the same code can be used many times.

Insufficient Anti-automation:

Cryptographp CAPTCHA bypass.html

This exploit is for educational purposes only.

You need to set up the exploit to test it (set the site’s URL and other data).

Moral: never make such vulnerable captchas.
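
The weakness described above comes down to the stored code surviving a successful check. The following is an added example, not Cryptographp's code and not part of the original post: a simplified model of a session-backed captcha check, with the reusable form beside a single-use form. The `captcha_code` session key and all function names are hypothetical, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Simplified model of a session-backed CAPTCHA check (not Cryptographp's code).
// The 'captcha_code' key and the function names are hypothetical.

// What the image script does on each image load: store a fresh code.
function issue_code(array &$session): string
{
    $code = strtoupper(bin2hex(random_bytes(3)));
    $session['captcha_code'] = $code;
    return $code;
}

// Weak check: the code stays in the session after verification, so it
// remains valid until the image script happens to run again.
function verify_weak(array &$session, string $submitted): bool
{
    return isset($session['captcha_code'])
        && hash_equals($session['captcha_code'], strtoupper($submitted));
}

// Hardened check: the code is consumed on every attempt, pass or fail,
// so each post needs a code from a newly generated image.
function verify_once(array &$session, string $submitted): bool
{
    $expected = $session['captcha_code'] ?? null;
    unset($session['captcha_code']); // invalidate before comparing
    return is_string($expected)
        && $submitted !== ''
        && hash_equals($expected, strtoupper($submitted));
}

// Constructed demo: one image load, then three posts in the same session
// that all send the same securitycode value.
$weakSession = [];
$weakCode = issue_code($weakSession);
$hardSession = [];
$hardCode = issue_code($hardSession);

for ($post = 1; $post <= 3; $post++) {
    printf(
        "post %d  weak=%s  single-use=%s\n",
        $post,
        var_export(verify_weak($weakSession, $weakCode), true),
        var_export(verify_once($hardSession, $hardCode), true)
    );
}
```

With the weak check every post is accepted; with the single-use check only the first one is, because the stored code no longer exists when the second post arrives.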

