ecshop: bypassing the CAPTCHA

ID MYHACK58:62201340384
Type myhack58
Reporter ksc@乌云
Modified 2013-09-01T00:00:00


Brief description:

The popular versions should all have this problem.

Detailed description:



If the submitted verification code does not match, the current CAPTCHA is not destroyed.

So after requesting the CAPTCHA image once, the same verification code can be used indefinitely, as long as the verification code is not refreshed.
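The behaviour described above, next to a single-use check, as an added example that is not ecshop's own code. The function names, the `captcha_word` key and the sample value are assumptions; the session is passed as an array so the script runs from the PHP CLI, where a real handler would pass `$_SESSION`.

```php
<?php
// Added illustration; all names here are hypothetical, not taken from ecshop.
const CAPTCHA_KEY = 'captcha_word';

// Models the reported behaviour: the check only compares. Nothing clears the
// stored answer, so it stays valid until a new image request overwrites it.
function check_captcha_weak(array &$session, string $input): bool
{
    if (!isset($session[CAPTCHA_KEY])) {
        return false;
    }
    return strtolower($input) === strtolower($session[CAPTCHA_KEY]);
}

// Single-use check: the stored answer is consumed before the comparison,
// so every attempt, right or wrong, needs a freshly issued CAPTCHA.
function check_captcha_once(array &$session, string $input): bool
{
    $expected = $session[CAPTCHA_KEY] ?? null;
    unset($session[CAPTCHA_KEY]);
    if (!is_string($expected) || $expected === '' || $input === '') {
        return false;
    }
    return hash_equals(strtolower($expected), strtolower($input));
}

// Constructed sample session: one CAPTCHA image was issued with this answer.
$weak   = [CAPTCHA_KEY => 'x7kq'];
$strong = [CAPTCHA_KEY => 'x7kq'];

// Same sequence against both checks: one wrong submission, then the right
// answer twice, with no new image requested in between.
foreach (['aaaa', 'x7kq', 'x7kq'] as $attempt) {
    printf(
        "%-4s  weak=%-5s  once=%s\n",
        $attempt,
        var_export(check_captcha_weak($weak, $attempt), true),
        var_export(check_captcha_once($strong, $attempt), true)
    );
}
```

The single-use check only holds if the answer is also regenerated on every image request and an empty stored answer is never accepted.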

Vulnerability proof:

  1. Obtain the correct verification code