Next participant of the project is WP-ContactForm (its new version with built-in captcha made by another author). It is plugin for WordPress. Vulnerable version is WP-ContactForm 2.0.7 (and previous versions).
I already wrote about vulnerabilities in WP-ContactForm, it was in original version of plugin. Recently I fully tested it and found many new holes. And I’ll post information about new holes in original WP-ContactForm plugin later. Also I fully tested new version of this plugin and found many holes. It’s very popular plugin (and version with captcha too). So there are many sites which are in risk with this plugin.
For bypassing captcha you need to use the same wpcf_response value for every post. Constant value bypass method is similar to MustLive CAPTCHA bypass method (the same value is sending many times).
This exploit for educational purposes only.
You need to setup exploit to test it (set site’s URL and others data). If you want to test it immediately, here is online example.
I found this hole at blogsecurity.net which is using WP-ContactForm plugin. It is security site, so they need more reliable protection. I already informed admin of the site about this issue.
Guys not overdo with this Captcha bypass test. This exploit for educational purposes only.
Moral: never make such insecure captchas.
Also I prepared another vulnerabilities in WP-ContactForm. So wait for today’s bonus post .