Home > Operation and Maintenance > Safety > How to easily bypass human-machine authentication Captcha

How to easily bypass human-machine authentication Captcha

WBOY
Release: 2023-05-11 17:55:12
forward
5787 people have browsed it

The Writeup shared today is a simple human-computer authentication (Captcha) bypass method discovered by the author during the target website vulnerability test. The Chrome developer tools were used to create simple elements on the target website login page. The editor has implemented Captcha bypass.

Human-computer authentication (Captcha) usually appears on the registration, login and password reset pages of the website. The following is the Captcha mechanism arranged by the target website in the login page.

How to easily bypass human-machine authentication Captcha

As you can see from the picture above, the user can only click the login button (Sign-IN) after checking "I'm not a robot" of the Captcha verification mechanism. Display will be enabled for users to click on. Therefore, based on this, I right-clicked the Sign-In button, and then used the "Inspect Element" function of Chrome Developer Tools to view the underlying elements of the Sign-In button. At this time, I found that it was in the " After the "Submit" action, the "Disable" attribute is defined. Well, then I will change it to "Enable" and give it a try.

How to easily bypass human-machine authentication Captcha

With this change, the login button (Sign-IN) is displayed and clickable. Well, I am indeed not a robot. Human-machine authentication (Captcha) is here It became a decoration.

How to easily bypass human-machine authentication Captcha

I was curious about the server-side verification method, so I used BurpSuite to capture packets in the above process. I found that the server did not verify the Captcha operation submitted by the user at the beginning, so , even if I delete the submitted Captcha session content, I can still jump to the login page without triggering the "Enable" attribute.

How to easily bypass human-machine authentication Captcha

The above is the detailed content of How to easily bypass human-machine authentication Captcha. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template