Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added a bad CAPTCHA vulnerability #69

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

martingalloar
Copy link

This added vulnerability is aimed at playing with image recognition/OCR to guess/identify bad CAPTCHA codes. As opposite to "Insecure CAPTCHA", there's no vulnerability on the validation logic but instead the CAPTCHA is generated using weak configurations.

It also has the advantage that can be used in isolated environments where the DVWA doesn't have Internet access and ReCaptcha can't be used. The library used is https://github.com/claviska/simple-php-captcha (MIT license).

Let me know if you think it would be a good addition or if it need some aspect to be worked on. Otherwise I left it here for if someone else has a requirement similar to this one.

This added vulnerability is aimed at playing with image recognition/OCR to guess bad CAPTCHA codes.
@digininja
Copy link
Owner

Anyone got any time to go through this and have a look at it? Would need updating to include impossible level.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants