Skip to content
/ captcha-bypass Public

A threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (captcha) by breaking the solving logic, human-assisted solving services, or utilizing automated technology

License

AGPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

qeeqbox/captcha-bypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
captcha-bypass.drawio
captcha-bypass.drawio
 
 
captcha-bypass.png
captcha-bypass.png
 
 

Repository files navigation

A threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (captcha) by breaking the solving logic, human-assisted solving services, or utilizing automated technology.

Example #1

  1. Threat actor fills up a feedback form with the wrong captcha
  2. Server sends a request to answer the captcha correctly
  3. Threat actor fills up a feedback form with null
  4. Sever does not handle null properly and continues to process the request

Impact

Vary

Risk

  • Perform unauthorized action

Redemption

  • Different captcha
  • Device fingerprinting

ID

d9d7a4e5-dfa6-4d7a-a5c2-65799113437d

References

About

A threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (captcha) by breaking the solving logic, human-assisted solving services, or utilizing automated technology

Topics

metadata captcha example vulnerability bypass visulization qeeqbox infosecsimplified

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors