As with Captcha Bypass Vulnerability in /admin/loginc.php, the following code does not check wether isset($_SESSION['captcha']['code'])==1, } elseif (strtolower($_POST['captcha']) != strtolower($_SESSION['captcha']['code'])) {
So, in order to bypass this captcha, we could simply empty $_POST['captcha'], but make sure there is no previous GET request to /reg.php.
The text was updated successfully, but these errors were encountered:
/reg.php
As with Captcha Bypass Vulnerability in /admin/loginc.php, the following code does not check wether isset($_SESSION['captcha']['code'])==1,

} elseif (strtolower($_POST['captcha']) != strtolower($_SESSION['captcha']['code'])) {So, in order to bypass this captcha, we could simply empty $_POST['captcha'], but make sure there is no previous GET request to /reg.php.
The text was updated successfully, but these errors were encountered: