Closed

V2 example captcha is easily bypassable

description

  1. Get Firefox, download Tamper Data.
  2. Go to: http://www.somebody4u.com/contactus
  3. Press Start Tamper on Tamper Data's UI.
  4. Solve the captcha and send the message.
  5. Start tampering.
  6. Write down the values for "EncryptedSolution" and "Attempt".
  7. Press Submit on Tamper Data.
  8. Press Back in the browser to get a new antiforgery token.
  9. Post another message; don't bother with the captcha.
  10. Catch the post with Tamper Data.
  11. Switch your EncryptedSolution and Attempt fields with the previous ones.
  12. Submit.
  13. Enjoy your unlimited posts with only 1 solved captcha.

You could easily write a script to do this in like any language.

This is so wrong.

Closed Aug 2, 2012 at 2:57 AM by LeePaulSmith

comments

LeePaulSmith wrote Aug 1, 2012 at 10:11 PM

I have fixed this by reintroducing state but I can't be bothered to publish it just to help out dicks like you.
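
The report above comes down to a server that validates an `EncryptedSolution`/`Attempt` pair without remembering that the pair was already accepted. The following Python is an added example, not the project's code and not the maintainer's unpublished fix: it shows a stateless check that accepts a replayed pair next to a check that keeps server-side state and accepts each challenge once. The names `issue_challenge`, `verify_stateless` and `SingleUseVerifier`, the 300-second lifetime, and the use of an HMAC token in place of the project's encryption are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed key for this example
TOKEN_TTL = 300                       # assumed challenge lifetime in seconds


def _mac(nonce, expires, solution):
    msg = f"{nonce}|{expires}|{solution.lower()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(solution, now=None):
    # Opaque token standing in for the form's "EncryptedSolution" field.
    now = time.time() if now is None else now
    nonce, expires = secrets.token_hex(16), str(int(now) + TOKEN_TTL)
    return f"{nonce}.{expires}.{_mac(nonce, expires, solution)}"


def verify_stateless(token, attempt, now=None):
    # Weak pattern: a valid (token, attempt) pair passes every time it is sent.
    now = time.time() if now is None else now
    try:
        nonce, expires, mac = token.split(".")
        fresh = int(expires) >= now
    except ValueError:
        return False
    return fresh and hmac.compare_digest(mac, _mac(nonce, expires, attempt))


class SingleUseVerifier:
    # Hardened pattern: remember each accepted nonce until its token expires.

    def __init__(self):
        self._seen = {}  # nonce -> expiry timestamp

    def verify(self, token, attempt, now=None):
        now = time.time() if now is None else now
        # Drop nonces whose tokens have expired; those fail the freshness check.
        self._seen = {n: e for n, e in self._seen.items() if e >= now}
        nonce = token.split(".")[0]
        if nonce in self._seen or not verify_stateless(token, attempt, now):
            return False
        self._seen[nonce] = int(token.split(".")[1])
        return True
```

Failed attempts are not consumed here; limiting guesses per challenge is a separate control. In a multi-server deployment the seen-nonce store has to be shared between instances for the single-use guarantee to hold.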
