Full Disclosure mailing list archives
Vulnerability in reCAPTCHA for Drupal
From: "MustLive" <mustlive () websecurity com ua>
Date: Thu, 17 Feb 2011 19:18:49 +0200
Hello list!

I want to warn you about an Insufficient Anti-automation vulnerability in reCAPTCHA for Drupal.

In the MoBiC project in 2007 I already wrote about bypassing reCaptcha for Drupal (http://websecurity.com.ua/1505/). This is a new method of bypassing reCaptcha for Drupal.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of the reCAPTCHA plugin for Captcha module versions before 6.x-2.3 and 7.x-1.0.

----------
Details:
----------

Insufficient Anti-automation (WASC-21):

Different forms in Drupal use the vulnerable captcha plugin reCAPTCHA. Drupal's Captcha module is vulnerable itself, so besides reCAPTCHA other captcha plugins can also be vulnerable (this exploit is a little different from the exploit for the default Captcha module for Drupal).

To bypass the captcha it is necessary to use a correct value of captcha_sid; it is then possible to not answer the captcha (captcha_response) or to set any answer. This method of captcha bypass is described in my project Month of Bugs in Captchas (http://websecurity.com.ua/1498/). The attack is possible while this captcha_sid value is active.

Vulnerabilities exist on pages with forms: http://site/contact, http://site/user/1/contact, http://site/user/password and http://site/user/register. Other forms where reCAPTCHA is used will also be vulnerable.

Exploit:

http://websecurity.com.ua/uploads/2011/Drupal%20reCAPTCHA%20bypass.html

------------
Timeline:
------------

2010.12.11 - announced at my site.
2010.12.14 - informed reCAPTCHA developers.
2010.12.14 - informed Google (reCAPTCHA owner).
2011.02.16 - disclosed at my site.

I mentioned this vulnerability at my site (http://websecurity.com.ua/4752/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
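
The weakness described in this advisory, as an added example that is not part of the original post and is not the module's own code: a simplified Python model in which the weak check accepts any active captcha_sid, beside a hardened check that consumes the sid on first use, binds it to one form, expires it, and requires the answer to verify. The class, method names, TTL and sample values are assumptions; with reCAPTCHA the local answer comparison would be the remote verification call.

```python
import hmac
import secrets
import time


class CaptchaSessions:
    """Server-side store of issued CAPTCHA challenges (constructed model)."""

    def __init__(self, ttl=300, clock=time.time):
        self.ttl, self.clock = ttl, clock
        self._store = {}  # sid -> (form_id, expected_answer, issued_at)

    def issue(self, form_id, expected_answer):
        sid = secrets.token_urlsafe(16)
        self._store[sid] = (form_id, expected_answer, self.clock())
        return sid

    def check_weak(self, sid, response):
        # Behaviour the advisory describes: an active captcha_sid is enough,
        # captcha_response is never compared and the sid stays usable.
        return sid in self._store

    def check_hardened(self, sid, form_id, response):
        # pop() consumes the sid on the first attempt, right or wrong,
        # so one sid can never back more than one submission.
        entry = self._store.pop(sid, None)
        if entry is None:
            return False
        bound_form, expected, issued_at = entry
        if self.clock() - issued_at > self.ttl:
            return False  # challenge expired
        if bound_form != form_id or not response:
            return False  # wrong form, or empty/missing answer
        return hmac.compare_digest(response.encode(), expected.encode())


def demo():
    # Constructed sample values: form id "user_register", answer "x7kq".
    s = CaptchaSessions()
    sid = s.issue("user_register", "x7kq")
    weak = [s.check_weak(sid, ""), s.check_weak(sid, "anything")]
    hard = [s.check_hardened(sid, "user_register", "wrong"),
            s.check_hardened(sid, "user_register", "x7kq")]  # sid already consumed
    fresh = s.issue("user_register", "x7kq")
    return weak, hard, s.check_hardened(fresh, "user_register", "x7kq")
```
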