MoBiC-27: internetua.com CAPTCHA bypass
The next participant of the project is the captcha at internetua.com, which is used in the comments form at the site.
This captcha is vulnerable to the session reusing with null captcha bypass method. I found this Insufficient Anti-automation hole on 04.11.2007.
Session reusing with null captcha bypass is a very tricky method, which is similar to the session reusing with constant captcha bypass method. To bypass the captcha, you need to send the first message with the captcha code and then use an empty security_code value for every post (during the current session). After you see the first captcha image, you need to turn off images, so the captcha will not be regenerated and you'll be using an empty (null) captcha code many times. By the way, when I retested this hole I found that they had made some changes at the site, so the captcha is now bypassed via the session reusing with constant captcha bypass method (using not a null, but the same captcha code).
Insufficient Anti-automation:
internetua.com CAPTCHA bypass.html
Guys, do not overdo it with this captcha bypass test. Do not post too much at this site. This exploit is for educational purposes only.
Moral: never make such unreliable captchas.
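
A server-side sketch of why the two session-reuse variants described above succeed, next to a check that consumes the code on every attempt. This is an added example, not code from internetua.com or from the original post: the two flawed checks are assumptions about the cause, and the session dict and all function names are hypothetical.

```python
import hmac
import secrets

def new_challenge(session):
    """Called by the image endpoint: store a fresh code in the session."""
    session["captcha"] = secrets.token_hex(3)
    return session["captcha"]

def verify_null_flaw(session, submitted):
    # Assumed flaw 1: the code is cleared after a success, and a cleared
    # code compares equal to an empty security_code.
    ok = submitted == session.get("captcha", "")
    if ok:
        session["captcha"] = ""
    return ok

def verify_constant_flaw(session, submitted):
    # Assumed flaw 2: the code stays valid until the image is requested again.
    return submitted == session.get("captcha")

def verify_hardened(session, submitted):
    # Consume the code on every attempt, pass or fail, so one image
    # buys exactly one try; a missing or empty value never matches.
    expected = session.pop("captcha", None)
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())

def replay(verify, second_value):
    """One image fetch, one honest post, then a second post made without
    fetching a new image. Returns (first_result, second_result)."""
    session = {}
    code = new_challenge(session)
    first = verify(session, code)
    second = verify(session, second_value(code))
    return first, second

def results():
    return {
        "null_flaw": replay(verify_null_flaw, lambda code: ""),
        "constant_flaw": replay(verify_constant_flaw, lambda code: code),
        "hardened_null": replay(verify_hardened, lambda code: ""),
        "hardened_constant": replay(verify_hardened, lambda code: code),
    }

if __name__ == "__main__":
    for name, outcome in results().items():
        print(name, outcome)
```

With the hardened check, the second post in a session fails regardless of whether it carries an empty value or the previously valid code, because the stored code no longer exists until the image endpoint issues a new one.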

