Sla.ckers.org
How robots and spiders are causing issues, how to stop them. We can also talk about Completely Automated Public Turing Test To Tell Computers And Humans Apart - their use, their compliance issues, porn proxies, PWNtcha and other ways to defeat them. 
(pathetic) CAPTCHA implementations...
Posted by: istari
Date: August 25, 2007 02:05PM

I've been seeing quite a lot of terrible CAPTCHA implementations out there lately, so here's a thread where everyone can post their findings and maybe make suggestions on how to solve the security issues we see...

Anyway, here's my contribution (found this a few days ago, and saved it because it was so funny):

In a login page's source, the (quite lazy) web developer included:

    <script language="JavaScript">
    <!--
      if (top.frames.length!=0)
       top.location=self.document.location;
       // Disable browser's Back button on another page
       // being able to go back to this page and seeing the same turing image.
       window.setTimeout('history.forward()', 1500);
    // -->
    function initpage() {
        document.turingimage.src = '/cgi-bin/sblogin/turingimage.cgi?' + Math.random();
        prefillForm();
    }
    // -->
    </script>

...and later on...

    <!-- <body> -->
    <!--
    Use the this 1X1 pixel version of the Turing image if you remove 
    the visible one from the page.  Calling the Turing image is necesary
    even if it's not visible.
    <img src="/cgi-bin/sblogin/turingimage.cgi" height="1" width="1" name="turingimage" id="turingimage"><br>
    -->

So the page basically gives you instructions on how to bypass the CAPTCHA, LOL!

Gotta love when developers believe they're the only ones seeing the source :D

Re: (pathetic) CAPTCHA implementations...
Posted by: rsnake
Date: August 26, 2007 11:59AM

Ugh... that's terrible.

- RSnake
Gotta love it. http://ha.ckers.org

Re: (pathetic) CAPTCHA implementations...
Posted by: Sandokan
Date: November 09, 2007 05:19PM

Doesn't that work only when the image is actually turned off? In which case it's not important since there's no image at all?

Re: (pathetic) CAPTCHA implementations...
Posted by: istari
Date: November 14, 2007 10:27AM

It should work that way, but you can make the script believe the captcha is turned off when it actually is turned on... so you bypass the captcha without even having to solve it :P

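Added illustration (not part of any post in this thread, and not the quoted site's code): a server-side check that fails closed, next to an assumed fail-open shape of the flaw discussed above. All function names, session fields and the two-minute lifetime are hypothetical, and the answer string is assumed to come from the image renderer's CSPRNG.

```javascript
// Whether a CAPTCHA is required is server configuration.
// It is never inferred from what the client requested or submitted.
const CAPTCHA_REQUIRED = true;

// Assumed fail-open shape: a session with no stored answer is treated as
// "CAPTCHA disabled", so the check is skipped entirely.
function verifyFailOpen(session, submitted) {
  if (session.captchaAnswer === undefined) return true; // missing state == pass
  return submitted === session.captchaAnswer;
}

// Called by the image endpoint when it renders a challenge for this session.
function issueChallenge(session, answer, nowMs) {
  session.captchaAnswer = answer;
  session.captchaIssuedAt = nowMs;
}

// Fail-closed check: missing state, wrong type, stale or reused challenge all fail.
function verifyFailClosed(session, submitted, nowMs, maxAgeMs = 120000) {
  if (!CAPTCHA_REQUIRED) return true;
  const expected = session.captchaAnswer;
  const issuedAt = session.captchaIssuedAt;
  // Single use: consume the challenge before comparing, so neither a wrong
  // guess nor a solved answer can be replayed. This is enforced on the server
  // instead of relying on a client-side history.forward() trick.
  delete session.captchaAnswer;
  delete session.captchaIssuedAt;
  if (typeof expected !== 'string' || typeof submitted !== 'string') return false;
  if (nowMs - issuedAt > maxAgeMs) return false;
  return submitted === expected;
}

// Constructed walk-through of the cases above, returned for inspection.
function demo() {
  const fresh = {};                       // session that never got a challenge
  const solved = {};
  issueChallenge(solved, 'k7p2x', 1000);  // constructed sample answer
  return {
    failOpenWithoutChallenge: verifyFailOpen(fresh, ''),
    failClosedWithoutChallenge: verifyFailClosed({}, '', 1000),
    firstUse: verifyFailClosed(solved, 'k7p2x', 2000),
    replay: verifyFailClosed(solved, 'k7p2x', 3000),
  };
}
```
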