MoBiC-22: peterhost.ru CAPTCHA bypass

22:51 22.11.2007

The next participant of the project is the captcha at peterhost.ru, which is used in the comment form of articles on the site.

This is a text captcha and it is vulnerable to the MustLive CAPTCHA bypass method. Most interesting is that the hole is in an article about protection from DoS attacks. I found this Insufficient Anti-automation hole on 24.10.2007.

To bypass the captcha you need to use the same id and Numba values many times (for every post). This is the classic MustLive CAPTCHA bypass method, which easily bypasses text captchas.

Insufficient Anti-automation:

peterhost.ru CAPTCHA bypass.html

Guys, don't overdo it with this captcha bypass test. Don't post too much at this site. This exploit is for educational purposes only.

Moral: never make such insecure captchas.
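The server-side fix for the replay described above, as an added example (not code from peterhost.ru or from the original post): a captcha check that leaves the id/Numba pair valid beside one that consumes the challenge on first use. The `ChallengeStore` class, its method names and the 300-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

TTL_SECONDS = 300  # assumed challenge lifetime, not a value from the page


class ChallengeStore:
    """In-memory stand-in for the server-side captcha table (hypothetical)."""

    def __init__(self):
        self._pending = {}  # id -> (expected Numba answer, issue time)

    def issue(self, now=None):
        """Create a challenge; returns (id, answer to render as the image)."""
        cid = secrets.token_urlsafe(16)
        answer = f"{secrets.randbelow(10**5):05d}"
        self._pending[cid] = (answer, time.time() if now is None else now)
        return cid, answer

    def verify_replayable(self, cid, numba):
        """Flawed check: the pair stays valid after a correct answer,
        so one solved captcha authorises any number of posts."""
        entry = self._pending.get(cid)
        if entry is None:
            return False
        return hmac.compare_digest(entry[0].encode(), numba.encode())

    def verify_once(self, cid, numba, now=None):
        """Hardened check: the challenge is consumed on the first attempt,
        right or wrong, and refused once older than TTL_SECONDS."""
        entry = self._pending.pop(cid, None)
        if entry is None:
            return False
        answer, issued = entry
        now = time.time() if now is None else now
        if now - issued > TTL_SECONDS:
            return False
        return hmac.compare_digest(answer.encode(), numba.encode())


def demo():
    """Submit the same solved pair three times against each check."""
    store = ChallengeStore()
    cid, answer = store.issue()
    replay = [store.verify_replayable(cid, answer) for _ in range(3)]
    once = [store.verify_once(cid, answer) for _ in range(3)]
    return replay, once
```

With the hardened check every comment needs a freshly issued challenge, and a wrong guess also burns the challenge, so the answer cannot be brute-forced against a fixed id.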

