Home > Uncategorized > #Vulnerability in CaptchaSecurityImages.php

#Vulnerability in CaptchaSecurityImages.php


CaptchaSecurityImages.php is a common captcha generation script, that really should never be used. It was written back in 2006 by Simon Jarvis, but it’s got some serious security flaws.

The main one being, it’s configurable remotely, so instead of a hard captcha like this




You can simply pass in parameters saying you’d like it to be massive, and let’s make the text bright red, so that it’s easy to filter from the background – and, let’s have 2 characters rather than 6, then we can put that through any OCR webservice, and it’ll read it no problem.


Well done Mr. Jarvis… Use google recaptcha instead.

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: