The next participant of the project is AIP captcha, which is Auto-Input Protection (AIP) for ASP.NET. This captcha plugin is used on a number of sites, and all of them are at risk because of this insecure captcha.
This captcha plugin is vulnerable to the Advanced MustLive CAPTCHA bypass method. In the current example the plugin is used on a contact me page. I found this Insufficient Anti-automation hole on 30.10.2007.
In the Advanced MustLive CAPTCHA bypass method you need to use the same ctl00$Main$aip$input value for every post. And because sites with AIP use ASP.NET, you also need to bypass the (built-in) CSRF protection. For this you can use the same __VIEWSTATE and __EVENTVALIDATION values.
This exploit is for educational purposes only.
You need to set up the exploit to test it (set the site’s URL and other data). If you want to test it immediately, here is an online example.
I found this hole at adamcooper.com, which uses AIP captcha.
Guys, don't overdo it with this Captcha bypass test. This exploit is for educational purposes only.
Moral: never make such unreliable captchas.
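
A defensive sketch of the fix for the replay described above, added here and not taken from AIP or from the original post: the challenge is removed on its first validation attempt, so a later post that repeats the same answer and form state is rejected. The class and method names, the in-memory store and the model of the weak check are assumptions for illustration; the page does not show how AIP keeps its expected value.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical challenge store for illustration; not AIP's implementation.
public sealed class CaptchaStore
{
    private sealed record Challenge(string Answer, DateTime ExpiresUtc);
    private readonly ConcurrentDictionary<string, Challenge> _pending = new();

    // Called when the form is rendered; the id travels with the form.
    public string Issue(string answer)
    {
        string id = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        _pending[id] = new Challenge(answer, DateTime.UtcNow.AddMinutes(5));
        return id;
    }

    // Weak pattern (assumed model of the flaw): the challenge stays valid
    // after a correct post, so one solved value works for every later post.
    public bool ValidateReplayable(string id, string submitted) =>
        id is not null && _pending.TryGetValue(id, out var c) && Matches(c, submitted);

    // Hardened pattern: remove the challenge before comparing, so each id
    // gets exactly one attempt, whether the answer is right or wrong.
    public bool ValidateOnce(string id, string submitted) =>
        id is not null && _pending.TryRemove(id, out var c) && Matches(c, submitted);

    private static bool Matches(Challenge c, string submitted) =>
        submitted is not null && DateTime.UtcNow <= c.ExpiresUtc &&
        CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(submitted), Encoding.UTF8.GetBytes(c.Answer));
}

public static class Demo
{
    public static void Main()
    {
        var store = new CaptchaStore();
        string weak = store.Issue("k7x2p");   // constructed sample answer
        for (int post = 1; post <= 3; post++)
            Console.WriteLine($"replayable post {post}: {store.ValidateReplayable(weak, "k7x2p")}");

        string once = store.Issue("m4q9z");   // constructed sample answer
        for (int post = 1; post <= 3; post++)
            Console.WriteLine($"single-use post {post}: {store.ValidateOnce(once, "m4q9z")}");
    }
}
```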