Home > Uncategorized > #Vulnerability in CaptchaSecurityImages.php

#Vulnerability in CaptchaSecurityImages.php

CaptchaSecurityImages

CaptchaSecurityImages.php is a common captcha generation script, that really should never be used. It was written back in 2006 by Simon Jarvis, but it’s got some serious security flaws.

The main one being, it’s configurable remotely, so instead of a hard captcha like this

CaptchaSecurityImages-hard

 

 

You can simply pass in parameters saying you’d like it to be massive, and let’s make the text bright red, so that it’s easy to filter from the background – and, let’s have 2 characters rather than 6, then we can put that through any OCR webservice, and it’ll read it no problem.

width=500&height=220&characters=2&font_color=FF0000

Well done Mr. Jarvis… Use google recaptcha instead.

Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: