Using a system vulnerability to easily bypass your CAPTCHA

ID MYHACK58:62200613454
Type myhack58
Reporter Anonymous
Modified 2006-12-28T00:00:00


A CAPTCHA is an image generated randomly each time the page is accessed. Its content is usually digits and letters (stronger ones also use Chinese characters), and the visitor must type the characters shown into the form before submitting it, which effectively prevents brute-force attacks. CAPTCHAs are also used to prevent malicious flooding, advertising posts, and so on.

Su Snow was one of the famous hacking tools of earlier years known as "knife light snow shadow". One of its functions was brute-forcing forms, and it was very popular at the time. Later, with the arrival of CAPTCHAs, Su Snow was almost pushed to a dead end. But is it really completely dead? This article gives you the answer.

The attack technique found online against CAPTCHA mechanisms is to analyze the image with mathematical methods. Of course, we are not going to follow other people's ideas; that would not be creative.

Consider how a CAPTCHA works: each time the login page is loaded, it requests a script file that generates the image containing the code and writes the value to the Session. On submission, the login-verification script checks whether the submitted code matches the value in the Session.

Here is the problem: after a login fails with a wrong password, we simply do not request the image-generating script again. If the CAPTCHA value in the Session has not been cleared, the code stays the same as last time, and the carefully built anti-brute-force protection is useless.

The PowerEasy2005 administrator login page is a good example: as long as we read the code from the first request and keep submitting it with the same session Cookie value, brute-forcing works. The figure shows the result of cracking with Su Snow.


PJBlog2's login authentication has a similar problem, among others.

The CAPTCHA vulnerability can also be used for DoS, vote stuffing, and the like. For example, the reply CAPTCHA of the CSDN blog system has this problem, so a captured request can be submitted over and over.

Dynamic Network BBS handles this well: after a password error the CAPTCHA value in the Session is set to empty, and every time the code is checked it first checks whether the value is empty. So if you want to fix this vulnerability, follow the Dynamic Network approach.
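
The flawed check and the fix described above, modeled side by side as an added example (not code from the article or from any of the products it names). The session is a plain dict, and all function names and the sample password are assumptions made for illustration. The hardened check goes slightly beyond the fix described above by clearing the stored code on every attempt, not only after a password error.

```python
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # constructed alphabet, no look-alike characters

def issue_captcha(session):
    """Image-generating script: store a fresh code in the session."""
    code = "".join(secrets.choice(ALPHABET) for _ in range(5))
    session["captcha"] = code
    return code  # a real application renders this into the image only

def check_vulnerable(session, submitted):
    """Flawed check: compares the code but never clears it from the session."""
    return submitted.upper() == session.get("captcha")

def check_hardened(session, submitted):
    """Fixed check: the code is single-use and an empty value never matches."""
    expected = session.pop("captcha", None)  # cleared on every attempt, pass or fail
    if not expected or not submitted:
        return False  # nothing issued since the last attempt: reject outright
    return hmac.compare_digest(submitted.upper().encode(), expected.encode())

def login(session, password, submitted, check):
    """Hypothetical login handler; the password below is a constructed sample."""
    if not check(session, submitted):
        return "bad captcha"
    if password != "correct horse":
        return "bad password"
    return "ok"

def replay_accepted(check, attempts=3):
    """Count password guesses that get past the CAPTCHA stage when the image
    is fetched once and the same code is resubmitted on the same session."""
    session = {}
    code = issue_captcha(session)
    results = [login(session, f"guess{i}", code, check) for i in range(attempts)]
    return results.count("bad password")

if __name__ == "__main__":
    print("vulnerable:", replay_accepted(check_vulnerable))  # every guess is evaluated
    print("hardened:  ", replay_accepted(check_hardened))    # only the first one is
```

With the hardened check, each further attempt requires a new request to the image script, which is what restores the CAPTCHA's rate-limiting effect.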