Anthology of attacks via captchas

22:45 08.04.2010

This is the English version of my article Anthology of attacks via captchas.

Earlier I made an anthology of attacks via redirectors (open and closed) in my articles Redirectors: the phantom menace and Attacks via closed redirectors. In this article I'll make an anthology of attacks via captchas.

A CAPTCHA is a security mechanism for web applications, designed to protect web sites against automated requests. But captchas not only handle protection against automated requests badly, they also create possibilities for other attacks on the sites and their visitors. There are many different attacks via captchas, which I'll describe in this article.

Attacks via captchas.

Besides direct captcha bypass, many other attacks can also be made via them. Here is a list of all attacks via captchas that I know of:

  • Captcha bypass.
  • Redirector attacks.
  • Cross-Site Scripting attacks.
  • SQL Injection attacks.
  • CSRF attacks.
  • Information leakages.
  • Denial of Service attacks.

Captcha bypass.

Multiple Insufficient Anti-automation vulnerabilities occur in captchas, which allow bypassing the captcha to send automated requests. I described this in detail in my project Month of Bugs in Captchas.
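To make the Insufficient Anti-automation class concrete, here is an added example (not code from the article, nor from any captcha or plugin named on this page). It contrasts one generic weak pattern, a form that carries a hash of the expected answer in a hidden field and a server that trusts that field, with a hardened verifier that keeps the answer server-side and makes each challenge single-use and expiring. The hidden-field scheme, the challenge alphabet and the `HardenedCaptcha` API are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import string
import time

# Assumed challenge alphabet for the illustration (not from the article).
ALPHABET = string.ascii_lowercase + string.digits


def weak_issue(answer: str) -> str:
    """Weak pattern (constructed for this example): the form gets a hidden
    field holding a hash of the expected answer, and nothing is stored on
    the server. Returns the hidden-field value the server would emit."""
    return hashlib.sha256(answer.encode()).hexdigest()


def weak_verify(answer: str, hidden_hash: str) -> bool:
    """Weak verification: the server recomputes the hash of the submitted
    answer and compares it to the client-supplied hidden field. Because the
    client controls both values, an automated client can pick its own
    (answer, hash) pair and resubmit it forever; it never needs the image.
    This is the shape of an Insufficient Anti-automation failure."""
    return hashlib.sha256(answer.encode()).hexdigest() == hidden_hash


class HardenedCaptcha:
    """Server-side, single-use, expiring challenges. The client only ever
    sees an opaque challenge id; the expected answer never leaves the server."""

    def __init__(self, ttl_seconds: int = 300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be exercised in tests
        self._pending: dict[str, tuple[str, float]] = {}

    def issue(self, length: int = 6) -> tuple[str, str]:
        """Create a challenge. Returns (challenge_id, answer): the answer is
        what would be rendered into the image, the id goes into the form."""
        answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (answer, self._clock() + self._ttl)
        return challenge_id, answer

    def verify(self, challenge_id: str, submitted: str) -> bool:
        """Consume the challenge on the first attempt, correct or not, so a
        solved or guessed answer cannot be replayed; reject unknown and
        expired ids; compare in constant time."""
        record = self._pending.pop(challenge_id, None)
        if record is None:
            return False
        expected, expires_at = record
        if self._clock() > expires_at:
            return False
        return hmac.compare_digest(expected.lower().encode(),
                                   submitted.strip().lower().encode())

    def pending_count(self) -> int:
        return len(self._pending)


def demo() -> dict:
    """Runs both verifiers on constructed input and reports the outcomes."""
    # Weak scheme: the "client" forges its own answer/hash pair and replays it.
    forged = weak_issue("zzzz")
    weak_results = [weak_verify("zzzz", forged) for _ in range(3)]

    # Hardened scheme: one successful solve, then the same pair is refused.
    captcha = HardenedCaptcha()
    cid, answer = captcha.issue()
    first = captcha.verify(cid, answer)
    replay = captcha.verify(cid, answer)
    return {"weak_replays_accepted": all(weak_results),
            "hardened_first": first,
            "hardened_replay": replay}


if __name__ == "__main__":
    print(demo())
```

The important design choices are that the expected answer is stored only on the server, that `verify` pops the record before checking it (so a wrong guess also burns the challenge rather than allowing unlimited tries against one id), and that the id is a fresh random token rather than anything derived from the answer.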

Redirector attacks.

In Google's captcha there is a Redirector vulnerability, which allows redirecting visitors to arbitrary sites.

Cross-Site Scripting attacks.

In the captcha for Nucleus and in the plugins Peter's Random Anti-Spam Image, Math Comment Spam Protection, Captcha!, Cryptographp, WP-ContactForm and CapCC for WordPress there are Cross-Site Scripting vulnerabilities (reflected and persistent), which can be used for XSS attacks.

SQL Injection attacks.

In the captcha for Nucleus and in the plugin CapCC for WordPress there are SQL Injection vulnerabilities, which can be used for attacks on the sites.

CSRF attacks.

In the plugins Captcha! and CapCC for WordPress there are Cross-Site Request Forgery vulnerabilities, which can be used for CSRF attacks, including for exploitation of the Insufficient Anti-automation (in both captchas) and SQL Injection (in the second captcha) vulnerabilities.

Information leakages.

In the captcha for Nucleus there are Full path disclosure and SQL DB Structure Extraction vulnerabilities, and in the plugin CapCC for WordPress there is a Full path disclosure vulnerability. These lead to leakage of information about the site.

Denial of Service attacks.

DoS attacks can be conducted via captchas (via SQL Injection and Denial of Service vulnerabilities in them). I wrote about this in detail in my article DoS attacks via captchas.

Conclusions.

Instead of protecting web sites against automated requests, captchas often pose a threat to the security of web sites and their visitors. So developers of captchas and owners of web sites that use them always need to check the security of their captchas.
